Stoned Bootkit upgraded to v2.0

Stoned Bootkit is a new Windows bootkit which attacks all Windows versions from XP up to 7. It is loaded before Windows starts and is memory resident up to the Windows kernel. Thus Stoned gains access to the entire system. It has exciting features like integrated file system drivers, automatic Windows pwning, plugins, boot applications and much much more. The project is partly published as open source under the European Union Public License. Like in 1987, "Your PC is now Stoned! ..again".

A bootkit is a boot virus that is able to hook and patch Windows to get load into the Windows kernel, and thus getting unrestricted access to the entire computer. It is even able to bypass full volume encryption, because the master boot record (where Stoned is stored) is not encrypted. The master boot record contains the decryption software which asks for a password and decrypts the drive. This is the weak point, the master boot record, which will be used to pwn your whole system. No one’s secure!

For whom is Stoned Bootkit interesting?

  • Black Hats
  • Law enforcement agencies
  • Microsoft

Why is Stoned something new? Because it is the firts bootkit that..

  • attacks Windows XP, Sever 2003, Windows Vista, Windows 7 with one single master boot record
  • attacks TrueCrypt full volume encryption
  • has integrated FAT and NTFS drivers
  • has an integrated structure for plugins and boot applications (for future development)

The list of plugins integrated with "Stoned BootKit":

  • CO2-Plugin
  • PE Infector
  • File Parsers
  • HibernationFile Attack
  • PagefileInjector
  • Music Melody!
  • BootPassword Crack
  • AntiWPA
  • Persistent BIOSInfector

Stoned v2

The next version of Stoned is currently under development. The next version is going to be more sophisticated than ever. Features:

  • 64-bit support based on the implementation of vbootkit 2.0
  • infecting all local and physical drives (including USB autorun and native flash drive infection)
  • Linux support - experimental
  • BIOS persistent infection - experimental

Stoned v2 beta testing is now open! Write a simple mail to Peter@Kleissner.at with subject "Stoned Beta Program" and you will receive further instructions and downloads.

Post scriptum

Compliance Mandates

  • Forensics :

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only


Comments

Related Articles

Exploitation
Forensics
Rootkits
Stoned Bootkit