Courtesy of Alex Ionescu

Apr 17, 2007 09:43 GMT

Security researcher Alex Ionescu has made available for download a program he authored himself called D-Pin Purr v1.0, designed to exploit the digital rights management processes in Windows Vista in order to camouflage malware. Although Ionescu is offering the proof-of-concept utility, he has not released the source code.

"I won't be releasing source code for the moment because I don't want to encourage people to start adding this kind of code into their own malware programs, nor to encourage the Symantec folks to start unprotecting every process on the system. So until then, have fun with the tool, whether it is to explore previously protected processes, or to try out various system and application behavior when certain processes are made protected," Ionescu said. He also pointed to the image included towards the bottom as proof that D-Pin Purr v1.0 had successfully unprotected audiodg.exe.

According to Ionescu, D-Pin Purr v1.0 essentially allows the protection on Windows Vista's protected processes to be removed and re-applied arbitrarily. As of now, Microsoft has not commented on the validity of Ionescu's tool, but security experts are analyzing D-Pin Purr v1.0.

"It is trivial to make a process protected or unprotected by bypassing all the Code Integrity checks and sandbox in which protected processes are supposed to run. I wrote a small application which I called D-Pin Purr which does exactly this. I tried it on the only two protected processes I know on Vista (audiodg.exe and mfpmp.exe)," Ionescu explained.

Fraser Howard, principal virus researcher at security vendor Sophos, said that in his opinion D-Pin Purr v1.0 is a legitimate tool for removing process protection in Windows Vista. However, Howard did not offer a final conclusion, as the utility is still being investigated.

Photo: audiodg.exe