VM Rootkits: The Next Threat

I found a reference to this article on Slashdot (link). It describes how researchers at Microsoft Research have combined virtualization technology and rootkits to run spyware and malware on a target computer. The idea is still a proof of concept, but with open-source virtual machines like Xen and how-to guides for making rootkits, I don't think that hackers will be far behind in figuring out how to exploit this. According to the article:

The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system, according to documentation seen by eWEEK.

Today, anti-rootkit clean-up tools compare registry and file system API discrepancies to check for the presence of user-mode or kernel-mode rootkits, but this tactic is useless if the rootkit stores malware in a place that cannot be scanned.
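The cross-view check the paragraph describes, shown here as an added example that is not code from the eWEEK article or from the SubVirt paper: it compares two views of the guest's process table, the listing of /proc (the high-level view a user-mode or kernel-mode rootkit typically filters) and a low-level probe with os.kill(pid, 0), and reports IDs that only the probe sees. Thread IDs are an expected discrepancy and are filtered out. The function names, the 65536 probe ceiling and the Linux /proc layout are assumptions of this example. The point the paragraph makes is visible in the design: a VM-based rootkit's state is outside the guest, so both views agree and the check finds nothing.

```python
"""Cross-view process-table check (example code, not from the SubVirt paper).

Assumes a Linux host with /proc mounted. The 'listing' view is what os.listdir
returns for /proc; the 'probe' view is every PID that answers signal 0.
A rootkit that filters readdir() on /proc still leaves its process reachable
by PID, so the two views disagree. A VM-based rootkit keeps its state outside
the guest, so both views agree and this check stays silent.
"""
import os
import re


def pid_listing_view():
    """High-level view: PIDs as enumerated by listing /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def pid_probe_view(max_pid):
    """Low-level view: IDs that exist according to kill(pid, 0).

    EPERM means the ID exists but belongs to another user; ESRCH means absent.
    Note that kill(tid, 0) also succeeds for thread IDs, which never appear in
    the /proc listing, so the caller must filter threads out (see classify()).
    """
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, owned by someone else
        found.add(pid)
    return found


def parse_tgid(status_text):
    """Extract the thread-group id from the text of /proc/<id>/status."""
    match = re.search(r"^Tgid:\s*(\d+)", status_text, re.M)
    return int(match.group(1)) if match else None


def tgid_of(pid):
    """Thread-group id for an ID, or None if /proc/<id>/status is unreadable
    (absent, or hidden from path lookup as well as from the listing)."""
    try:
        with open(f"/proc/{pid}/status", encoding="ascii", errors="replace") as f:
            return parse_tgid(f.read())
    except OSError:
        return None


def classify(listing, probe, tgid_lookup):
    """Return the IDs present in the probe view but absent from the listing,
    minus benign thread IDs (tgid differs from the id itself).

    tgid_lookup(pid) returns the thread-group id or None; it is injected so the
    logic can be exercised on constructed views without touching /proc.
    """
    hidden = set()
    for pid in probe - listing:
        tgid = tgid_lookup(pid)
        if tgid is not None and tgid != pid:
            continue  # a thread of some process, not a hidden process
        hidden.add(pid)  # listed nowhere, yet the kernel says it exists
    return hidden


def scan(max_pid=65536):
    """Run the cross-view check on the live system (Linux only)."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = min(max_pid, int(f.read().strip()))
    except OSError:
        pass  # keep the assumed ceiling
    return classify(pid_listing_view(), pid_probe_view(max_pid), tgid_of)


if __name__ == "__main__":
    hidden_pids = scan()
    if hidden_pids:
        print("IDs reachable by kill() but missing from the /proc listing:", sorted(hidden_pids))
    else:
        print("listing and probe views agree (no user/kernel-mode hiding detected;"
              " a VMM underneath the guest would not show up here)")
```

An empty result is only evidence against in-guest hiding; it says nothing about a monitor running beneath the guest, which is exactly the gap the post is pointing at.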

“We used our proof-of-concept [rootkits] to subvert Windows XP and Linux target systems and implemented four example malicious services,” the researchers wrote in a technical paper describing the attack scenario.

“[We] assume the perspective of the attacker, who is trying to run malicious software and avoid detection. By assuming this perspective, we hope to help defenders understand and defend against the threat posed by a new class of rootkits,” said the paper, which is co-written by researchers from the University of Michigan.

…Read the article to find out more.
