Linked by Thom Holwerda on Sat 11th Mar 2006 21:24 UTC
Privacy, Security, Encryption
Researchers at Microsoft Research and the University of Michigan have teamed up to build prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can keep control of a target operating system. The proof-of-concept rootkit, called SubVirt, exploits known security flaws to install a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system has been hoisted into a virtual machine, the rootkit becomes effectively undetectable from inside it, because its state is not accessible to security software running in the target system.
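The summary's point is that guest-side security software cannot reach the rootkit's state. What a guest can still do is ask the CPU whether a hypervisor is present and time how long a privileged instruction takes. The program below is an added example written for this page; it is not code from the SubVirt project or from the article. It decodes the two CPUID signals that cooperative hypervisors expose (leaf 1, ECX bit 31, and the vendor signature in leaf 0x40000000) from raw register values, so the decoding can be exercised with constructed input, and it times a CPUID round trip with RDTSC when built on x86. The threshold and iteration count are assumptions, and the register values used for illustration are constructed.

```c
/* Added example: guest-side hypervisor presence checks via CPUID and RDTSC.
 * Not part of the OSNews page or the SubVirt paper. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* CPUID leaf 1, ECX bit 31 is reserved as "hypervisor present". Physical CPUs
 * leave it clear; KVM, Xen, Hyper-V and VMware set it for their guests. */
int hypervisor_bit_set(uint32_t leaf1_ecx) {
    return (leaf1_ecx >> 31) & 1u;
}

/* Leaf 0x40000000 returns a 12-byte vendor signature in EBX:ECX:EDX, stored
 * little-endian (e.g. "KVMKVMKVM\0\0\0"). Writes a NUL-terminated string into
 * out (at least 13 bytes) and returns its length. */
size_t decode_hv_vendor(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    uint32_t regs[3] = { ebx, ecx, edx };
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++)
            out[i * 4 + b] = (char)((regs[i] >> (8 * b)) & 0xffu);
    out[12] = '\0';
    return strlen(out);
}

/* Convenience: does the decoded signature equal the expected vendor string? */
int hv_vendor_equals(uint32_t ebx, uint32_t ecx, uint32_t edx, const char *expected) {
    char v[13];
    decode_hv_vendor(ebx, ecx, edx, v);
    return strcmp(v, expected) == 0;
}

/* Combine the two signals: 0 = no hypervisor advertised, 1 = hypervisor bit
 * set but empty vendor string, 2 = bit set and vendor string present.
 * Caveat, and the reason the page's claim holds: a VMM that traps CPUID can
 * answer whatever it likes, so this only finds hypervisors that choose to
 * announce themselves. */
int classify_guest(uint32_t leaf1_ecx, uint32_t ebx, uint32_t ecx, uint32_t edx) {
    char v[13];
    if (!hypervisor_bit_set(leaf1_ecx))
        return 0;
    return decode_hv_vendor(ebx, ecx, edx, v) > 0 ? 2 : 1;
}

#if HAVE_CPUID
static inline uint64_t rdtsc(void) {
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}

/* CPUID is unconditionally intercepted under VT-x/AMD-V, so a round trip costs
 * thousands of cycles under a VMM versus roughly 100-300 on bare metal. Returns
 * the minimum over several runs to reduce scheduler noise. Threshold is left to
 * the caller; the numbers above are rules of thumb, not page-stated values. */
uint64_t min_cpuid_cycles(int iterations) {
    uint64_t best = UINT64_MAX;
    for (int i = 0; i < iterations; i++) {
        unsigned a, b, c, d;
        uint64_t t0 = rdtsc();
        __cpuid(0, a, b, c, d);
        uint64_t t1 = rdtsc();
        if (t1 - t0 < best)
            best = t1 - t0;
    }
    return best;
}
#endif

int main(void) {
#if HAVE_CPUID
    unsigned a = 0, b = 0, c = 0, d = 0;
    __get_cpuid(1, &a, &b, &c, &d);
    uint32_t ecx1 = c;
    /* __get_cpuid refuses leaves above the basic maximum, so call the raw
     * macro for the hypervisor leaf. */
    __cpuid(0x40000000, a, b, c, d);
    char vendor[13];
    decode_hv_vendor(b, c, d, vendor);
    printf("hypervisor bit: %d  vendor: \"%s\"  class: %d\n",
           hypervisor_bit_set(ecx1), vendor, classify_guest(ecx1, b, c, d));
    printf("min CPUID round trip: %llu cycles (assumed threshold ~1000)\n",
           (unsigned long long)min_cpuid_cycles(50));
#else
    puts("CPUID probe only built on x86; decoding helpers still usable.");
#endif
    return 0;
}
```

Run it on bare metal, inside an ordinary VM, and the two outputs differ in the obvious ways. Against the kind of VMM the article describes, the CPUID answers are whatever the rootkit returns, and the timing figure is the only signal it cannot fully fake from software, which is why the SubVirt-style threat is a hardware-attestation problem rather than a guest-side scanning problem.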
Thread beginning with comment 103684
RE[3]: I wonder...
by hobgoblin on Sun 12th Mar 2006 18:39 UTC in reply to "RE[2]: I wonder..."

The thing is to basically make Windows think it's still running directly on the hardware, while in reality it's talking through the "VM".

This way, I think the label VM is a bit misleading. More correctly, we are talking about a kind of software keylogger that's monitoring all the hardware access that your software is doing. It's there, only you're not emulating a specific set of hardware; you're just passing the signals on (after logging them and potentially sending them on to whoever made the logger) to the existing hardware wholesale.

At least that's my theory about how to pull it off...

Score: 1