Hacker writes rootkit for Cisco's routers
A security researcher has developed malicious rootkit software for Cisco
Systems' routers, a development that has placed increasing scrutiny on the
routers that carry the majority of the Internet's traffic.
Sebastian Muniz, a researcher with Core
Security Technologies, developed the software, which he will unveil on May
22 at the EuSecWest
conference in London.
Rootkits are stealthy programs that cover up their tracks on a computer, making
them extremely hard to detect. To date, the vast majority of rootkits have been
written for the Windows operating system, but this will mark the first time
that someone has discussed a rootkit written for IOS, the Internetwork Operating
System used by Cisco's routers. "An IOS rootkit is able to perform the
tasks that any other rootkit would do on desktop computer operating systems,"
Muniz said in an e-mail interview.
Rootkits are typically used to install key-logging software as well as programs
that allow attackers to remotely connect with the infected system. However,
the most notorious rootkit of all, distributed
by Sony BMG Music, stopped unauthorized CD copying.
A Cisco rootkit is particularly worrisome because, like Microsoft's Windows,
Cisco's routers are very widely used. Cisco owned nearly two-thirds of the router
market in the fourth quarter of 2007, according to research firm IDC.
In the past, researchers have built malicious software, known as "IOS
patching shellcode," that could compromise a Cisco router, but those programs
are custom-written to work with one specific version of IOS.
Muniz's rootkit will be different. "It could work on several different
versions of IOS," he said.
The software cannot be used to break into a Cisco router -- an attacker would
need to have some kind of attack code, or an administrative password on the
router to install the rootkit, but once installed it can be used to silently
monitor and control the device.
The rootkit runs in the router's flash memory, which contains the first commands
that it uses to boot up, said EuSecWest conference organizer Dragos Ruiu.
Muniz said he has no plans to release the source code for his rootkit, but
he wants to explain how he built it to counter the widespread perception that
Cisco routers are somehow immune to this type of malware. "I've done this
with the purpose of showing that IOS rootkits are real, and that appropriate
security measures must be taken," he said.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
