Malware

Code for ultimate rootkit to be released on 19 March 2009

Security researchers Joanna Rutkowska and Rafal Wojtczuk just published a research paper describing a new SMM rootkit that installs via a CPU caching vulnerability. This could be the "perfect storm" of rootkits.

Rutkowska is known for developing Blue Pill, a rootkit claimed be to be undetectable. The assertion of being undetectable started quite a controversy and to my knowledge was never officially proven. It appears that the new rootkit code is an enhanced version of Blue Pill and has even more insidious capabilities.

What's SMM

Originally, System Management Mode (SMM) was added to processor firmware as a way for hardware developers to repair problems in their products by using software. As I understand it, SMM operates at a much higher privilege level than the operating system, which means operating systems can't control or read SMM. In fact, to understand what's going on in SMM usually requires a logic analyzer. To get a better grasp of SMM, check out Robert R. Collin's paper titled "Intel's System Management Mode":

"System Management Mode (SMM) is intended to be used for advanced power-management features and other operating-system-independent functions. The chipset is programmed to recognize many types of events and timeouts. When such an event occurs, the chipset asserts the SMI# input pin. At the next instruction boundary, the microprocessor saves its entire state and enters SMM."

Not a new issue

SMM security-related issues have been know about for several years. In fact Federico Biancuzzi of SecurityFocus interviewed security researcher Loic Duflot in June of 2006, and wrote the article "The quest for ring 0." OK, now I'm confused. If this exploit has so much potential and has been around this long. Why haven't any exploits surfaced? Rutkowska explains why:

"Even though there have been several presentations about SMM security-related issues in the past 2-3 years, none of the research considered how to bypass system-level protection of the SMM memory."

Code exploits SMM

Rutkowska and Wojtczuk claim they found a method to bypass the system-level protection, allowing them to create a rootkit that installs in the SMM space. Rutkowska has a press release (pdf) on her Web site that describes the attack as a two-step process:

  1. First an attacker is required to get access to a so called SMM memory. The code within SMM memory (also called SMRAM) is executed with the highest privileges on PC platforms. SMM is more privileged than the kernel-mode code (Ring 0), and even more privileged than a hardware hypervisor code, often referred to as Ring-1. SMM code can be thought of as if executing in Ring -2
  2. Once the attacker got access to the SMM memory, the attacker can inject a special shellcode2 into the SMM. The payload of the shellcode will depend on the circumstances. In our attack we use a shellcode that adds a simple backdoor to a Xen hypervisor. The whole point about using a shellcode located inside SMM is that Intel TXT doesn't validate the SMM memory during the trusted launch process. Consequently, the attacker might be able to survive the TXT trusted launch, if and only if, he or she decides to shelter themselves inside the SMM memory.

Implications

This exploit is completely new and potentially devastating. The malware code takes over a PC with little or no recourse to remove it. I imagine the rootkit will be able to contact command and control servers and of course have the latest and greatest malware payloads rivaling any of the newest trojans. All of this and the computer's operating system is totally oblivious to what's happening.

Why release this

Many people, myself included are asking why publicize this? It seems that the researchers felt something needed to be done to motivate Intel into fixing the vulnerability. Rutkowska mentioned that Intel management was informed of this vulnerability in 2005 by its own employees. Rutkowska and Duflot both claim that they also informed Intel of the problem on numerous occasions

According to Rutkowska's Black Hat DC 09 presentation Intel informed CERT about this potential exploit, eventually receiving tracking number (VU#12784). It appears that's as far as Intel went, and that hasn't set well with Rutkowska. So Rutkowska and Wojtczuk decided to force Intel's hand by releasing one version of exploit code and a paper about the vulnerability. Rutkowska explains her position further (courtesy of JHeary and NetworkWorld):

"If there is a bug somewhere and if it stays unpatched for enough time, it is almost guaranteed that various people will (re)discover and exploit it, sooner or later. So, don't blame researchers that they find and publish information about bugs - they actually do a favor to our society."

Intel's response

Intel feels that it has a solution in SMI transfer monitor (STM). The premise is that STM places SMM in a sandbox as the following Intel patent explains:

"The VMM may provide the secret value from the VMM to a measurement agent executing in system management mode (SMM) of the processing system. The measurement agent may be a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in SMM."

It's my understanding that the fix has not been released yet. More importantly, I didn't see any information as to how this would be rolled out. If you think about it, that's going to be one huge task.

Final thoughts

The two researchers obviously feel strongly about what they're doing. I'm sure Intel does as well, especially since they have a proposed solution. So where does it go from here? Your guess is as good as mine. I do know that we don't need an ultimate rootkit in the wild.

"Need to know" security news and advice delivered each Tuesday, TechRepublic's IT Security newsletter gives you the hands-on advice you need for locking down your systems and making sure they stay that way. Automatically sign up today!

About

Information is my field...Writing is my passion...Coupling the two is my mission.

61 comments
snorbert
snorbert

Your link to Intel's page http://software.intel.com/en-us/articles/intel-c-stm-compiler-prototype-edition-20 supposedly explaining SMM Transfer Mode, is actually to a page talking about Intel's implementation of Software Transactional Memory, which helps out with parallel programming but AFAICT has nothing to offer in fixing the problems with SMM. This could perhaps be understood as a URL cut-and-paste error from a set of search results, but then some text from that page is pasted verbatim into your article, and it doesn't actually make any sense in the context of the article. If you can find a link to a page that actually explains SMM Transfer Mode, that would be quite handy.

sivant
sivant

This is a good old known issue. I'm not following the logic in the claim: "Even though there have been several presentations about SMM security-related issues in the past 2-3 years, none of the research considered how to bypass system-level protection of the SMM memory." In the description of the new exploit, she says "First an attacker is required to get access to a so called SMM memory". But that's exactly where it normally ends! If the OS is configured reasonably and password are strong enough and kept secret, the attacker will be blocked at this first step. Rutkowska just assumes this is done and goes on with the attack. So she didn't do anything Duflot didn't mention in the past. She did manage to make much more press about it ;-) Also her finding that Intel's TXT relies on the integrity of SMM is a well known fact, discussed in the TCG and specified in the DRTM (Dynamic Root of Trust for Measurement) draft. (In generic context - you won't find the Intel specific term TXT.)

Neon Samurai
Neon Samurai

That's all I can say until my brain has time to digest what I just read. yesterday someone handed me a link to another article on this but I didn't get a change to read it. This morning I find that it's hit TR's postings and give it a read over. Wow.. just.. Wow..

dixon
dixon

I'm working on a server at the moment which suffered a catastrophic virus infection. Literally every executable file was destroyed. After a reformat and a Windows reinstallation, the damned thing is still there. Nothing, so far, has been able to touch it. Even before reading your article, I was starting to consider some sort of firmware infection (CPU, SCSI backplane, etc.), although I've never encountered such a thing before. Wish me luck.

Jaqui
Jaqui

There have been viruses that have been able to infest the bios / cmos segment of the hardware, why not something able to infest the cpu? Anything that can be altered via software while in use has vulnerabilities in it. The positive thing about this is that the number of criminal type who have the skills needed to write such a beast is even more limited than those that can write a regular virus / bot.

santeewelding
santeewelding

I am lowering my estimate of "distrustful" down to drawing a sidearm at the mention of "security".

Michael Kassner
Michael Kassner

The ultimate rootkit would be one that lives in the processor's firmware. Supposedly, code for such an animal is to be released on 19 March. I'm indecisive as to what's right in this case, which is why I'd like to know if you agree with the researchers or Intel.

Michael Kassner
Michael Kassner

Both companies are obviously important and I hope they learn to play nice.

Michael Kassner
Michael Kassner

What you are saying, the SMM attack happens when the computer is being used. There are privilege escalation hacks that will elevate the malware to enable it to attack the SMM space. I'd assume that this would be initially handled by a drive-by dropper program. What did you think about Intel's answer to the exploit. Do you feel that it's a viable solution?

Michael Kassner
Michael Kassner

I'm trying to see what's happening today now that it's out. I think we kind of scooped a lot of the typical IT sources as there is very little out there as of yet.

---TK---
---TK---

to throw a Linux distro on it... install Wine, and install a .exe and see what happens... I would also try to find a detailed hardware monitor... might be interesting... might show where the attack is coming from...?

Ed Woychowsky
Ed Woychowsky

The ultimate would be to infect a hard drive's micro code. That would allow one to essentually lock-up and hold for ransom a good chunk of the world's data. An evil genius might find that even more useful than a moon-mounted death ray. Now, imagine counties getting an offer to unlock their information for the sum of one hundred billion dollars from an mysterious individual stroking a persian cat. Excuse me, but I'm off to the aniamal shelter...

Neon Samurai
Neon Samurai

I remember having a machine I reinstalled a few times only to have the virus still present thanks to infecting the mbr on the drive. (edit): never mind.. just read your followup

dixon
dixon

...that I also just replaced the hard drives, so it's got to be somewhere else. Fun, huh?

Michael Kassner
Michael Kassner

It seemed to me that it would take a great deal of skill to pull this off. I know Rutkowski, Tereshkin, and Fan are very capable in that regards.

Michael Kassner
Michael Kassner

I know you have an up-beat attitude. Besides you are on top of all of this anyway.

Aedon
Aedon

This may seem obvious but... Does this currently affect other processors such as AMD processors?

sgodbe
sgodbe

It seems the self-serving 'path to greatness' these days involves giving a press release annoucing "Gotterdammerung" is now, revealing their technical superior mastery by detailing the eitiology of an exploit, 1st holding the OEM vendor hostage, then threatening to release a POC or sample exploit code to 'force the hand' of the OEM to try to force them to speed a fix for their customer base. What we have here is a plain and simple personality disorder which inspires the 'researcher' to place an installed userbase at risk or in fear of exposure just to try to inflate their sense of self-importance and/or to increase their media exposure. There are many professional organizations to do peer analysis of these risks and to lobby or pressure vendors to improve their products without exposing innocent customer bystanders to additional risk of harm or to stampeded them into deploying unnecessary solutions ahead of their original cycle. If you release exploit code into the wild, you have contributed in material part to a bad actor's attack upon innocent users and we have civil law to address recovering partial damages. I think punitive class actions lawsuits are an appropriate response and perhaps the only way to put an end to this practice, encouraging responsible researchers to work with professional bodies to analyze and correct these problems with minimal risk of an exploit getting into the wild instead of engaging in chest-thumping and 'Chicken-Little' press calls to inflate one's sense of self. I for one am quite ready to contribute my $10-100 contribution to an attorney and I'll bet there are tens of thousands of individuals on corporations willing to kick in that much and more to encourage more responsible research and lobbying. Until then, I think more and more of us will be migrating to thin client solutions and virtual desktops with aggressive firewalls and IDS systems protecting the back-ends to address this and many other security issues. But let me just say again, I'm ready to mail a check with her name on the memo tonight and I hope many others are, too.

Mycah Mason
Mycah Mason

This is not an area of expertise for me, but to reply directly to your comment: I would have to choose the side of the researchers in this case. It seems that Intel has had ample time to address this security issue. It seems that the only way to get them to fix it is to force their hand IMHO. Maybe I'm over-simplifying the issue, but there has to be a point where you decide (as the researcher) that a company has dragged their feet long enough. Eventually someone WILL find a way to exploit the vulnerability.

StealthWiFi
StealthWiFi

So how would a Root Kit scanner evolve to be able to detect this? What about IDS to notify your box is communicating with someone it shouldn't? Now you know you have it, how to remove: Replace MB - that would suck - does warranty cover it? Flash BIOS - doesn't seem like this would do enough? If the code is stored in memory is there a way to clear it out and reload? Just a few quick thoughts

seanferd
seanferd

I hadn't looked too hard to find any info. Thanks! (Not yet read.) - Great links to go with a cool article, thanks again. - So SMM is resident in BIOS then, and not processor micrcode? Or is it? OK, both, kind of. And here I'd forgotten all about ICE. I remember reading a bit about it long ago, when I was into assembly language and machine architecture (as an interest - no real abilities here!).

seanferd
seanferd

Not to prod you, but it might be a good idea. If you like to play "mea culpa", you can just strikethrough the original text and add a small fixup paragraph. I didn't catch it, but just let anything that didn't seem applicable slide past me. Nice catch on snorbert's part.

sivant
sivant

The escalation must begin with super privilege and escalate it further from there. This is relevant to secure systems that try to limit the capabilities of a privileged user (e.g. SE Linux) but 99% of the systems don't have that, so once an attacker gained root/admin privilege, all bets are off. The SMM is just one other attack, and probably the least cost-effective from hacker's point of view and thus least likely. Intel did not clearly explained their STM solution, but I have a strange feeling that this is just moving the problem around - now instead of attacking SMM, Rutkowska will attack STM, and they will keep this thing alive until the public will realize that this is more of an academic debate than a real threat. For highly assurance systems (Multi-level security, mostly in Defence sector) this is a much bigger issue. For the ussual business that just uses computer to replace paper work - this is not a big deal - IN MY OPINION.

dixon
dixon

It was hiding in the backplane firmware. Sheesh.

Michael Kassner
Michael Kassner

Still, I haven't read any reports that AMD is vulnerable as of yet. Great question. I'll post if I find out anything.

dixon
dixon

I'd send a check today, if there was anywhere to send it to.

Michael Kassner
Michael Kassner

Is an interesting concept. I suspect it would be able to create quite a powerful lobby.

Michael Kassner
Michael Kassner

Myself. Only from the fact that there may be all sorts of variations of this rootkit out there already. So the door needs to be closed.

Michael Kassner
Michael Kassner

It really is so new that I'm not sure what will shake out. On the flip side, there may be rootkits using this approach out there already and staying below the radar (e.g., Conficker). I haven't heard of any solutions as of yet. I suspect that will depend on the payload and how active the malware is. I suspect it will use HTML traffic to phone home to make it less conspicuous. I'm for sure going to keep on top of this and will add comments or write a new piece about what's happening.

Michael Kassner
Michael Kassner

To decide on what's for real or not, knowing her past history.

Michael Kassner
Michael Kassner

It's a matter of RoI, and you are saying that target systems with a potential for a good RoI are going to be protected to a point where it's not trivial to get a SMM rootkit installed. I appreciate your logic and thank you for taking the time to focus my thoughts. I'd appreciate hearing your thoughts about STM, if and when new information comes to light.

Michael Kassner
Michael Kassner

I sensed all of the same things. I don't have an answer either. What is starting to bug me a bit is that there's not much activity regarding this on the "Net" right now. Either NetworkWorld and TR is way out in front or we got took. Time will tell.

seanferd
seanferd

I would have found her response to Hoff's open letter a tad more believable if not for the tag "bad guys attacking joanna". Good grief. She definitely has her points, but so does Hoff. The bit about fire safety is ridiculous - it isn't explained by either in depth. Was maximum occupancy reached, but it was OK to exceed this as long as chairs were used? If so, she has a point - on one level. Regardless, there is no sitting on the floor, as that is the best way to get trampled to death in event of an emergency. People in chairs are less likely to get trampled. People in chairs blocking means of egress is another matter again. It sounds stupid all the way around. And as far as being confused by the technical depth of the presentation and follow-up questions; that is BS. A second-grader can understand: Blue Pill either works on some type (1 or 2) of hypervisor, or it doesn't. It works on ESX, or it doesn't. WTH? It would be a lot easier to deal with if she were a total crank, but she is not. She just isn't clear, or apparently contradictory, sometimes, but she just doesn't see it. If you were confused, you just don't have the prerequisite technical understanding. Wrong - see paragraph above. Sometimes I wonder if it is a language thing - "and I couldn?t refrain myself from not commenting about this." Which would mean she would not have commented. The phrase is equivalent to "I won't dignify that with an answer", which is not what she meant, nor what she did. I don't know, because people insert extra words accidentally when communicating all the time, but since Hoff mentioned the "language barrier", it makes me wonder. Mabe she needs an interpreter/apologist buddy like Ayn Rand, since everyone else is just so stupid. Again, I don't know, I don not mean to ascribe intentions or mindsets to her, as I do not know her, but this is how she comes across sometimes.

Michael Kassner
Michael Kassner

Rutkowska has an up hill battle to fight. She kind of shunned her peers the first go around.

Neon Samurai
Neon Samurai

Tiss the season, we'll have to see what becomes available. I'll be back here frequently with it popping up in my Workspace list.

Michael Kassner
Michael Kassner

I used his quote for Joanna's comment. Still not much out there.

Michael Kassner
Michael Kassner

The troubleshooting process. I've yet to deal with that piece of malware. I appreciate your insight in how to remove it.

dixon
dixon

...or 'flailing about in the dark', I'm not sure which. It all started with a really nasty, seemingly new variant of Virut. I had encountered several other flavors of this thing before, which weren't all that tough to resolve, but this one was different. It easily sailed through updated AV and a pretty tight Juniper firewall, by the way. Frustratingly little info seemed to be available about it, other than vague and unhelpful statements from some of the AV vendors that it was "difficult or impossible to recover from". Among its many unpleasant effects were disabling the ability to log on to the server, replacing most critical OS files with bogus versions, infecting anything with an exe extension, and setting up its own IRC connection for further mischief. This was a fairly non-critical server, and since it was attempting to infect every other machine on the network, I pulled it, and went to work. To make a long story short, this thing survived reformats and reinstalls, including one session where I pulled the drives and deleted the partitions using another machine, and another session where I actually physically replaced the drives. I realized I had to start thinking beyond hard drives. If this 'new' firmware threat has taught me anything, it's that I've been too exclusively obsessed with what's on hard drives. So, I asked myself, "What loads up before the drives?". Lots of things, obviously, but for some reason my first thought was the backplane firmware and RAID controller. In my case, that seems to have solved the problem, but from what I'm reading, next time it could as easily be a video card, network adapter, BIOS chip, or who knows what. The reports that some brand new out-of-the-box Chinese-made components are shipping preloaded with infected firmware are really disturbing. Remember those Best Buy picture frames that came complete with keyloggers? I sure hope our fearless leaders in government, finance, and the military are paying attention to this stuff. The fun never ends.

Michael Kassner
Michael Kassner

I remember reading that awhile ago. Couldn't find it though. Also was it just an educated guess to do what you did? Was there anything that clued you into that repair?

dixon
dixon

I simply installed new backplane firmware and RAID drivers, reinstalled the OS, and no more troubles. The server's staying in 'probationary quarantine' through the weekend, while it suffers through every scan known to man, but so far so good. Just out of paranoia, I'm also updating all the other device firmware. I sure hope others are spared this nasty bugger.

Michael Kassner
Michael Kassner

Can you describe what you did to find and remove it?

Michael Kassner
Michael Kassner

Exactly correct. I suspect that sometimes I may sound like a broken record. Still a few members come up against a situation that doesn't respond to normal cures and knowing that this type of malware exists tends to help them look in the correct places. Malware that uses memory typically meant for the device's firmware is new ground and why I wanted to bring it to everyone's attention.

howiem
howiem

Michael, that seems to say that we just have to be very careful about what we install, get downloads from legitimate sites and avoid getting tricked. But isn't that what we should be doing now? And if we take the added precaution of doing all our surfing in a sandbox, even if there is some kind of automatic installer, like an autorun function, the installer will not work in the sandbox. Or am I missing something?

Michael Kassner
Michael Kassner

But AV companies are not having much success with detecting any new dropper program (the code that installs the malware). As you know they rely on signatures and limited heuristics to spot malware. The most popular way currently is using a malicious Web site to download the malware and that's usually on vulnerable computers.

howiem
howiem

Seems t me that it should be detectable on download, before it gets installed, or am I missing something?

Michael Kassner
Michael Kassner

You are saying. Sorry a bit thick today. So the original Blue Pill was indeed detectable.

Jaqui
Jaqui

when she subsequently released the sources, the developers of rootkit scanners had the means to test the concept themselves.

Michael Kassner
Michael Kassner

That's the second revision of Blue Pill. This quote is what I seem to remember as the sequence of events: "In 2007, a group of researchers led by Thomas Ptacek of Matasano Security challenged Rutkowska to put Blue Pill against their rootkit detector software at this year's Black Hat conference,[5] but the deal was deemed a no-go following Joanna's request for $384,000 in funding as a prerequisite for entering the competition."

Jaqui
Jaqui

the anti rootkit scan software to test it. she released the sources for bluepill. They could test the POC and alter their code base to be able to detect it, or related rootkits. edit to add: http://bluepillproject.org/ Wikipedia says the sources were released there.

Michael Kassner
Michael Kassner

All the processor developers did. I seem to remember Blue Pill being ported to Intel as well. Ironically if Blue Pill does as she suggested then we shouldn't be able to determine if it's out in the wild.

seanferd
seanferd

AFAIK, it's just her POC, nothing like it in the wild. And yes, if you wanted an actual working rootkit, not just an exploit, you'd have to pony up the cash. I wonder if AMD ever changed their virtualization extensions over this?

Michael Kassner
Michael Kassner

Of it actually being in the wild. Also she didn't seem to want to prove that it actually was undetectable.

seanferd
seanferd

although her behavior was odd, but that seems to be in line with her business model. blue Pill was more limited then the more sensational "headlines" suggested, however.

Editor's Picks