Printed from

Security team shows unfixable Windows 7 hack

updated 01:40 pm EDT, Thu April 23, 2009

Windows 7 hack program

At the Hack In The Box (HITB) Security Conference in Dubai on Thursday, security researchers demonstrated how software they developed can already take advantage of a design problem with the upcoming Windows 7 operating system, allowing them to hack into the system. VBootkit 2.0, created by researchers Vipin Kumar and Nitin Kumar, was used to demonstrate how hackers can take control of a Windows 7 computer while it's booting up. Unlike most exploits, though, the attack is said inherent to Windows 7 and may likely remain with the OS until it's replaced.

"There's no fix for this. It cannot be fixed. It's a design problem," Vipin said, though the attack cannot be done remotely and requires that hackers have physical access to a PC.

The program is just 3KB big and lets attackers change files that are loaded into system memory during the boot process. Because nothing is changed on the hard disk itself, VBootkit 2.0 is hard to detect, Vipin says. Also, rebooting the computer gets rid of the security issue, as system memory is cleared during the process.

Via the software, hackers can remotely control the targeted computer and change their access level to the highest possible. Passwords can also be removed, letting hackers access a victim's files. What's more, the password is restored, so victims are unaware their security was breached.

As the name implies, VBootkit 2.0 is the second such program developed by Vipin and Nitin, as the original was demonstrated back in 2007 and exposed a vulnerability in Windows Vista.

Microsoft hasn't commented on the exploit. [via NetworkWorld]

By Electronista Staff
Post tools:




  1. climacs

    Mac Enthusiast

    Joined: Sep 2001


    Windows 8!!!

    Never fear, Windows 8 will be the bestest ever! Really, this time for sure!

    But seriously, is this a real threat? It requires physical access to the computer. There's all sorts of mischief which can be done if one has physical access to a targeted computer.

  1. climacs

    Mac Enthusiast

    Joined: Sep 2001



    OK it loads when booting up. How does it help to re-boot, then? Even if it is cleared from system memory? Am I missing something here?

  1. Wingsy

    Fresh-Faced Recruit

    Joined: Apr 2005



    C'mon guys. The attacker has to have physical access to the machine for this to work. You might as well come up with a story that Win7 machines are vulnerable to being picked up and carried away.

    The real stories are the remote exploits. More like those please.

  1. eldarkus

    Fresh-Faced Recruit

    Joined: Feb 2004



    I came out with a great virus. It's pre-loaded on some RAM i have.. all I have to do is install the RAM in someone's machine and it's mine... as long as they dont restart it!!

  1. DeezNutts

    Fresh-Faced Recruit

    Joined: Apr 2008



    With physical access you can rig a machine so that everytime it boots you 0wNz it!

    Who would have thought!???

    How is this even news?

  1. climacs

    Mac Enthusiast

    Joined: Sep 2001


    A new Windows virus

    I have created a trojan which can automatically create a new user account on a computer, delete any and all files, and direct a computer's browser to unsafe sites provided that it has physical access to a targeted computer.

    It's called 'a human being'.

  1. hayesk

    Professional Poster

    Joined: Sep 1999



    This flaw has big impact to corporate users where IT departments need to control the rights employees have on the machines. Imagine a disgruntled employee coming in early, booting up his coworkers' desktop PCs, installing spyware and gathering his coworkers' passwords and other data.

    This is a big deal.

  1. phpmaven

    Fresh-Faced Recruit

    Joined: Jan 2009


    Complete nonesense

    This is a non-issue. As others have said, this would require physically sitting at the PC and installing a root kit. Also any corporation worth it's salt is going to have it's PCs locked down so that nobody can just sit down and install a root kit.

  1. climacs

    Mac Enthusiast

    Joined: Sep 2001


    I guess

    these guys had to justify the cost of going to Dubai in order to discuss computer security...

  1. testudo

    Forum Regular

    Joined: Aug 2001



    How does the software get in system memory to run if the system memory is wiped on boot?

    Sounds like one of those "If someone freezes the memory...." exploits.

    Hey, they're just lucky they didn't do this on a Mac. They'd been creamed. Although they technically didn't do it on a PC, either, they did it in a virtual machine.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill the ...

Lenovo Yoga Tablet 2 (Android, 10.1-inch)

Lenovo is building a bigger name for itself year after year, including its devices expanding beyond desktop computers. The company's l ...

Brother HL-L8250CDN Color Laser Printer

When it comes to selecting a printer, the process is not exactly something most people put a lot of thought into. Printers are often t ...



Most Commented


Popular News