Security researcher to unveil rootkit for Cisco routers

Security researcher Sebastian Muniz of Core Security Technologies will be unveiling a malicious rootkit that he developed for Cisco's routers at the EuSecWest conference on May 22.

Traditionally the domain of operating systems, rootkits are essentially malware that makes extraordinary efforts to hide itself by subverting key processes or files on a target operating system.

Excerpt from Network World:

A Cisco rootkit is particularly worrisome because, like Microsoft's Windows, Cisco's routers are very widely used. Cisco owned nearly two-thirds of the router market in the fourth quarter of 2007, according to IDC.

If Muniz's claim is true, this could also mark the first time that someone is presenting a rootkit specifically written for Cisco's proprietary Internetwork Operating System, or IOS. Unlike specific "IOS patching shellcode" exploits that are custom-written with a specific version of IOS in mind, Muniz's rootkit is particularly virulent as it would work on several different versions of IOS.

While a method of compromising a deployed router is still required, the door is now open for a router to be tampered with prior to delivery, after which the rootkit can be used to covertly monitor and subvert the device as necessary.

In case you think tampering at the supply-chain level is unlikely, I posted a story earlier this week on an FBI investigation that recovered $3.5 million worth of fake Cisco network equipment.

How do you think Cisco will react to the development of a rootkit for the Cisco IOS?

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

3 comments
robo_dev

Yes, I could be dead wrong, but more often than not, a security researcher will find some absolutely improbable exploit based on some very minor flaw, and it will be front page news. Like that silly story a few months back about "disk encryption cracked by freezing memory" which had nothing to do with cracking encryption, exposed very little security threat to existing technology, and was widely misreported in the news. The upshot is that the 'suits' get all panicky and us 'nerds' have to calm them down and explain how the media takes any half-baked theory by a self-ordained 'security researcher' and suddenly the sky is falling, from a security standpoint.

wratholix

You can't expect them to understand everything that they report on, correction: most of the time reporters don't know jack about the topic :)
