Article: Vista DRM could hide malware
Shawn
hackers could use to exploit Windows Vista digital rights management
processes to hide malware.
Alex Ionescu claims to have developed the program - D-Pin Purr v1.0 -
that will arbitrarily enable and disable protected processes in Vista,
Microsoft's latest operating system.
Screenshots on Ionescu's blog suggest the program can be run
successfully. Ionescu included stack information related to one of the
processes that is by default protected on Vista. Try to retrieve that
information using Process Explorer and you get an error message. In
Ionescu's screenshot, taken after allegedly removing the protection,
the information is visible.
The binary for the program, which is available for download, is
currently being tested by security experts. Fraser Howard, a principal
virus researcher at security vendor Sophos, told ZDNet UK that the
program looks feasible. At the time of writing Howard had managed to
get it running, but had not managed to successfully protect and
unprotect processes on his machine.
Full story here:
http://news.zdnet.co.uk/security/0,1000000189,39286677,00.htm
Shawn