Windows 7 Rootkit Code Made Available


Two security researchers, Vipin Kumar and Nitin Kumar, have decided to release the code that they used to take control of a Microsoft Windows 7 operating system at the Hack in the Box conference held in Dubai. The researchers originally announced that they would not be releasing the code, saying that it might be misused.


VBootkit 2.0 was developed to exploit a design flaw in the Windows 7 operating system. The exploit can remove and restore user passwords and strip Digital Rights Management (DRM) protections without a trace. It is now available for download under an open-source license.


Microsoft has already stated that VBootkit 2.0 was not a serious threat because the attacker has to have physical access to the target computer in order to launch the attack. VBootkit is small, just 3 KB in size. Kumar and Kumar claim that the rootkit can be modified to run remotely.


I am on the fence about this. Let's look at both sides of the equation: if the code is made available, it gives researchers the ability to look at another vulnerability and how it might affect an operating system, specifically a new operating system. Researchers need as much code as they can get their hands on to continue to understand how exploits work. On the flip side, there are many people who would use the code for the wrong purpose. In addition, we are also teaching a new generation of hackers how to create rootkits.


In this case, I don't like the idea of making the code public. If the developers want to make the code available for research, there are a few options. They could just give it to companies like Microsoft or Symantec. Another option is to give it to a research university. Anyone wanting access to the code could apply for access to it. I think the last thing we want to do is just make it available for anyone to download and use. What do you think? Should the code be made available to anyone?