Linked by Thom Holwerda on Sat 11th Mar 2006 21:24 UTC
Privacy, Security, Encryption

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system. The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system.
Thread beginning with comment 103681
RE: no much of a threat
by Ronald Vos on Sun 12th Mar 2006 18:28 UTC in reply to "no much of a threat"
Ronald Vos, member since 2005-07-06

Remember that the Sony rootkit didn't have drivers for every piece of hardware it could conceivably run on. That would be insane for anyone but a dominant OS vendor. Instead, the Sony RK merely embedded itself into the Windows kernel in a way such that it wouldn't be easily detectable. An RK doesn't need to take over all the hooks into the OS; it merely needs to be able to intercept certain communications to the kernel, and be hidden.

Score: 1