VM Rootkits: The Next Big Threat?

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual-machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.

The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation.

Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system, according to documentation seen by eWEEK.

Linked by shanmuga Friday, 10th March 2006 11:25PM