2009/6/26 Rob Fuller <[email protected]>:
> So all of this is just theoretical right now so, it's probably flawed
> somewhere, but that's what y'all are for ;-)
> When I first heard the word "bootkit" my mind went instantly to boot cd/usb.
> The guest in Episode 154 though was talking about more of a payload that
> gets delivered in malware that somehow (I'm thinking by editing the boot
> params just like you do for dual booting) infects the machine.
> Well, let's ride down my road a bit. You kinda need physical access to put a
> CD or usb in the drive right? hmm, not so much. With the push for
> virtualization people already have most of their most precious information
> on virtual machines. And how does VMware install their VMware Tools? ;-) now
> you are starting to see where I am going. Here is the theoretical "what if"
> An attacker pushed the mounting of a CD / USB drive to a server, bypassing
> or breaking the authentication to do so (although I don't think there is
> any, kinda like the old days before sessions, of directly accessing the
> admin page, bypassing the login page). Then waiting for a reboot to happen,
> or just causing one yourself.
> Wam bam, thank you ma'am. Now I hope I am totally wrong, but hopefully this
> got you thinking in a new direction.

Don't know if it is just VirtualBox, but if I have a CD mounted that has
autorun on it, the autorun gets run whenever the machine is suspended and
resumed. Does this go for VMware as well? I rarely reboot my VMs but I do
suspend and resume them quite frequently.

Robin
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
