VBootkit Bypasses Vista's Code Signing Mechanisms
Experts say that the fundamental problem that this highlights is that every stage in Vista's booting process works on blind faith that everything prior to it ran cleanly. The boot kit is therefore able to copy itself into the memory image even before Vista has booted and capture interrupt 13, which operating systems use for read access to sectors of hard drives, among other things.
This is not theoretical; VBootkit is actual code that demonstrates this.
Posted on April 3, 2007 at 12:51 PM
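A defender's view of the interrupt 13 capture described above, as an added example (not code from the original post or from VBootkit): given a dump of the first 0x500 bytes of physical memory taken in real mode, it resolves the INT 13h vector and flags handlers that do not point into firmware ROM. The ROM range, the function names and the sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IVT_INT13  (0x13 * 4)  /* real-mode IVT: 4 bytes per vector, offset then segment */
#define BDA_MEM_KB 0x413       /* BIOS Data Area word: conventional memory size in KiB */
#define ROM_START  0xC0000u    /* assumption: firmware handlers live in 0xC0000-0xFFFFF */
#define ROM_END    0xFFFFFu
#define LOW_LEN    0x500       /* IVT (0x000-0x3FF) plus BDA (0x400-0x4FF) */

enum verdict { V_ROM, V_ABOVE_TOP, V_RAM, V_SHORT };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void put16(uint8_t *p, uint16_t v) { p[0] = v & 0xFF; p[1] = v >> 8; }

/* Linear address of the INT 13h handler named by the IVT entry. */
uint32_t int13_target(const uint8_t *low) {
    return ((uint32_t)le16(low + IVT_INT13 + 2) << 4) + le16(low + IVT_INT13);
}

enum verdict classify_int13(const uint8_t *low, size_t len) {
    if (len < LOW_LEN) return V_SHORT;
    uint32_t target = int13_target(low);
    uint32_t top = (uint32_t)le16(low + BDA_MEM_KB) * 1024u;
    if (target >= ROM_START && target <= ROM_END) return V_ROM;
    /* RAM the BIOS no longer reports as conventional memory: review first. */
    if (target >= top && target < 0xA0000u) return V_ABOVE_TOP;
    return V_RAM;  /* any other handler outside ROM: the vector was redirected */
}

/* Constructed sample: zeroed low memory with one IVT entry and the BDA word set. */
void make_sample(uint8_t *low, uint16_t seg, uint16_t off, uint16_t mem_kb) {
    memset(low, 0, LOW_LEN);
    put16(low + IVT_INT13, off);
    put16(low + IVT_INT13 + 2, seg);
    put16(low + BDA_MEM_KB, mem_kb);
}

int main(void) {
    static const char *names[] = { "rom", "above-top-of-memory", "ram", "short" };
    uint8_t low[LOW_LEN];
    make_sample(low, 0xF000, 0xE3FE, 640);   /* handler in system ROM */
    printf("clean:  %05X %s\n", (unsigned)int13_target(low), names[classify_int13(low, LOW_LEN)]);
    make_sample(low, 0x9F00, 0x0000, 636);   /* handler in RAM above a lowered top */
    printf("hooked: %05X %s\n", (unsigned)int13_target(low), names[classify_int13(low, LOW_LEN)]);
    return 0;
}
```

A vector that points into RAM is a reason to inspect the handler, not proof of compromise, since legitimate boot-time software can also hook INT 13h.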