Cisco IOS rootkits vulnerability confirmed

On the heels of an EUSecWest conference presentation on malicious rootkits for Cisco IOS (see background), Cisco's security response team has published a must-read document confirming that stealthy malware can be loaded on the software used on the vast majority of its routers and network switches.

Cisco warns:

It is possible that an attacker could insert malicious code into a Cisco IOS software image and load it onto a Cisco device that supports that image. This attack scenario could occur on any device that uses a form of software, given a proper set of circumstances.

The company’s confirmation follows a technical discussion by Core Security researcher Sebastian Muniz of “Da IOS Rootkit,” which is basically a binary modification to the IOS image downloaded from the device.
