Linked by Thom Holwerda on Sat 11th Mar 2006 21:24 UTC
Privacy, Security, Encryption

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system. The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system.
by lanjoe9 on Tue 14th Mar 2006 04:58 UTC

Ok, suppose there IS a way to get out of the VM.
Next you've got the operating system's security. A well-designed OS should not let you mess with the booting process just like so... or at least, that's what I think...

Linux/GNU and BSD definitely don't let you mess with stuff...

And the VM would slow things down, so some people I think would notice...

Now let's talk about something more interesting, the ultimate r00tkit... someone comes into your house and plugs your monitor into a malware-infested CPU of theirs... the average user shouldn't be able to tell the difference, right?

Score: 1