Stoned Bootkit

Stoned Bootkit is a research and scientific bootkit. It is loaded before Windows starts and is memory resident. Thus Stoned is executed beside the Windows kernel and has full access to the entire system. It gives the user back the control to the system, which was taken off by Windows Vista with the signed driver policy.

Stoned allows to load unsigned drivers, which is useful for hardware engineers and testers. You can also use it to create your own boot application, for example diagnostic tools or other solutions like backup, system restoration, etc.

The new thing about Stoned is that there is now a bootkit attacking all Windows versions from XP up to 7 and bypassing TrueCrypt's full volume encryption. Previous bootkits like the BootRoot which was presented at Black Hat USA 2005 or vbootkit from Black Hat Europe 2007 were only dedicated operating system attacks; however, my bootkit is now attacking multiple systems. I want to point out that my bootkit is not based on any other; however, there is great research work from other researchers and Black Hat speakers available.

Finally it is Stoned's one and single target to be the most sophisticated bootkit. It can also be used for malware developers to get full access to the system. It should be the most used bootkit in the wild for 2010. If you have any questions or concerns, please do not hesitate to contact me.