- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
A security researcher has developed malicious rootkit software for Cisco's routers, a development that has placed increasing scrutiny on the routers that carry the majority of the Internet's traffic.
Sebastian Muniz, a researcher with Core Security Technologies, developed the software, which he will unveil on May 22 at the EuSecWest conference in London.
Rootkits are stealthy programs that cover up their tracks on a computer, making them extremely hard to detect. To date, the vast majority of rootkits have been written for the Windows operating system, but this will mark the first time that someone has discussed a rootkit written for IOS, the Internetwork Operating System used by Cisco's routers. "An IOS rootkit is able to perform the tasks that any other rootkit would do on desktop computer operating systems," Muniz said in an e-mail interview.
Rootkits are typically used to install keylogging software as well as programs that allow attackers to remotely connect with the infected system. However, the most notorious rootkit of all, distributed by Sony BMG Music, stopped unauthorized CD copying.
A Cisco rootkit is particularly worrisome because, like Microsoft's Windows, Cisco's routers are very widely used. Cisco owned nearly two-thirds of the router market in the fourth quarter of 2007, according to IDC.
In the past, researchers have built malicious software, known as "IOS patching shellcode," that could compromise a Cisco router, but those programs are custom-written to work with one specific version of IOS.
Muniz's rootkit will be different. "It could work on several different versions of IOS," he said.
The software cannot be used to break into a Cisco router -- an attacker would need to have some kind of attack code, or an administrative password on the router to install the rootkit, but once installed it can be used to silently monitor and control the device.
The rootkit runs in the router's flash memory, which contains the first commands that it uses to boot up, said EuSecWest conference organizer Dragos Ruiu.
Muniz said he has no plans to release the source code for his rootkit, but he wants to explain how he built it to counter the widespread perception that Cisco routers are somehow immune to this type of malware. "I've done this with the purpose of showing that IOS rootkits are real, and that appropriate security measures must be taken," he said.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (9)
Security 1stBy Anonymous on May 20, 2008, 8:46 amThis is a very interesting find and should hopefully entice and continue to motivate companies to stress the importance of security management. Great stuff Sebastian!
Reply | Read entire comment
A secure environment mitigates this riskBy Anonymous on May 16, 2008, 12:43 pmIn order to deploy these rootkits, someone needs device access. Imagine that you're using two-factor authentication to login, and logging all commands entered to...
Reply | Read entire comment
DiversifyBy esINbg on May 15, 2008, 7:10 pmWith time, money and motivation anything can be hacked into. Don't gimme that "mine is not hackable" chorus. Unfortunately for Cisco their gear provides the largest...
Reply | Read entire comment
IT security GOD ?By Petr Ruzicka on May 15, 2008, 11:17 amWow, that's the first time I've seen someone to label Cisco as "security GOD" Usually I come across quite opposite statements - box movers, HW company without...
Reply | Read entire comment
RE: diversified security...By y0da on May 15, 2008, 9:34 amSaying "all security with cisco is shot in the foot" is not a very intelligent thing to say. Name me one product that is 100% free from vulnerability or exploitation. While...
Reply | Read entire comment
View all comments