Austrian programmer and security analyst Peter Kleissner is slated to unveil the first known bootkit for Windows 8 at the upcoming MalCon security conference in Mumbai.
A bootkit is a kernel-mode rootkit that infects the master boot record (MBR), making it difficult for many security programs to detect. In their August Intelligence Report, researchers at Symantec said there had already been as many new boot-time malware threats detected in the first seven months of 2011 as there were in the past three years.
While many of the details of the bootkit – known as Stoned Lite – are under wraps, Kleissner noted on Twitter that the infector file is 14 KB in size and the bootkit can be started from a USB drive or CD.
“Might add in-memory patching of msv1_0!MsvpPasswordValidate, so it allows to log on with any password.. nothing new but nice and fancy,” he tweeted.
The malware does not attack UEFI or secure boot, he added. It only targets the legacy BIOS.
The researcher also tweeted that he had informed Microsoft of his research. His talk, however, remains somewhat in doubt, as MalCon organizers noted in an announcement that the researcher has yet to have his visa application approved.