anandk
Distinguished Member
Microsoft Research and a team from the Univestity of Michigan have developed "Subvirt", a Virtual Machine Based Rootkit 
that is installed underneath the installed operating system. A computer would boot the rootkit, whitch in it's turn would load the existing operating system in a virtual machine. While the user unknowingly works in that virtual environment, a second, hidden virtual machine would perform all kind of devious tasks. A rootkit like this would be independant of the operating system, meaning it could work on windows, linux etc..
more at
*www.eecs.umich.edu/virtual/papers/king06.pdf
*www.eweek.com/article2/0,1895,1936666,00.asp
*research.microsoft.com/csm/CSM_Publications.htm
understandibly, the IT security world is in something of an uproar - there's a lot of discussion about a supposedly undetectable rootkit which uses virtual machine technology. Such SUPER (VM) ROOTKITS as they are being called will usher in a new dimensuion of malware ! Its deception techniques are said to be so good that at one point even its creators had difficulties unmasking it !
An unsuspecting person working on his seemingly clean computer, is sure to get a shock if he were to know that the super-rootkit had become active inconspicuosly...
Though MS has kept the super-rootkit under lock-n-key wonder how long it will take for hackers to introduce its variant on the net...
Time to get set for a cool new ride, ehh !
The news is slightly old, but did not see it covered here.
that is installed underneath the installed operating system. A computer would boot the rootkit, whitch in it's turn would load the existing operating system in a virtual machine. While the user unknowingly works in that virtual environment, a second, hidden virtual machine would perform all kind of devious tasks. A rootkit like this would be independant of the operating system, meaning it could work on windows, linux etc..more at
*www.eecs.umich.edu/virtual/papers/king06.pdf
*www.eweek.com/article2/0,1895,1936666,00.asp
*research.microsoft.com/csm/CSM_Publications.htm
understandibly, the IT security world is in something of an uproar - there's a lot of discussion about a supposedly undetectable rootkit which uses virtual machine technology. Such SUPER (VM) ROOTKITS as they are being called will usher in a new dimensuion of malware ! Its deception techniques are said to be so good that at one point even its creators had difficulties unmasking it !
An unsuspecting person working on his seemingly clean computer, is sure to get a shock if he were to know that the super-rootkit had become active inconspicuosly...
Though MS has kept the super-rootkit under lock-n-key wonder how long it will take for hackers to introduce its variant on the net...
Time to get set for a cool new ride, ehh !
The news is slightly old, but did not see it covered here.
