Microsoft Research Warns About VM-Based Rootkits
Tenacious Hack writes "According to a story on eWeek, lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and maintaining control of a target OS. The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system."
I definitely agree that security-minded individuals should find ways of attacking systems in order to find defences against them. Nearly all software holes are found this way, and are patched within weeks of discovery.
But this seems excessive. We're just starting to hear about real Windows-based rootkits in the wild, and a front-page Slashdot article gives everyone and their mother an exploit route that is nasty, nearly impossible to protect against, and hasn't been seen in the wild.
Please Stop. Find a good, solid fix... or find code in the wild, then post about it.
--This post intentionally left inflammatory. Please let me know where I'm wrong.
The ______ Agenda
Mod this redundant? :P
kurzweil_freak
5th Kyu Genbukan Ninpo/KJJR student
Be the darkness that allows the light to shine.
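As an added example (not from the eWeek story, the SubVirt paper, or the poster above): the first thing a practitioner would actually run from inside a suspect guest is a CPUID probe. Leaf 1 sets ECX bit 31 when a hypervisor is present, and leaf 0x40000000 returns a 12-byte vendor signature in EBX:ECX:EDX. The code below assumes GCC/Clang's `<cpuid.h>` on x86; on other architectures it reports "unknown". The register values used in the decode calls are constructed test inputs, taken from the published KVM and VMware signatures.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* Write the four bytes of a CPUID register into dst, least significant
 * byte first, which is how the vendor string is packed. Explicit shifts
 * keep this independent of host endianness. */
static void put_reg(uint32_t reg, char *dst)
{
    for (int i = 0; i < 4; i++)
        dst[i] = (char)((reg >> (8 * i)) & 0xff);
}

/* Decode the leaf 0x40000000 vendor signature from EBX:ECX:EDX into a
 * NUL-terminated string of up to 12 characters (out must hold 13 bytes).
 * Pure function, so it can be exercised with constructed register values. */
void hv_vendor_from_regs(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13])
{
    put_reg(ebx, out);
    put_reg(ecx, out + 4);
    put_reg(edx, out + 8);
    out[12] = '\0';
}

/* Leaf 1, ECX bit 31: the "hypervisor present" bit. Returns 1 or 0. */
int hypervisor_present_bit(uint32_t ecx_leaf1)
{
    return (int)((ecx_leaf1 >> 31) & 1u);
}

/* Probe the running CPU. Returns 1 if a hypervisor advertises itself
 * (vendor filled in), 0 if not, -1 if CPUID is unavailable here.
 * Caveat: a VMM that traps CPUID can clear the bit and blank the
 * signature, so a 0 here is not proof of bare metal. */
int probe_hypervisor(char vendor[13])
{
    vendor[0] = '\0';
#if HAVE_CPUID
    unsigned int eax, ebx, ecx, edx;
    __cpuid(1, eax, ebx, ecx, edx);
    if (!hypervisor_present_bit(ecx))
        return 0;
    /* __get_cpuid() rejects leaf 0x40000000 as out of the basic range,
     * so issue the instruction directly with the __cpuid macro. */
    __cpuid(0x40000000, eax, ebx, ecx, edx);
    hv_vendor_from_regs(ebx, ecx, edx, vendor);
    return 1;
#else
    return -1;
#endif
}

int main(void)
{
    char vendor[13];
    int r = probe_hypervisor(vendor);
    if (r < 0)
        puts("cpuid not available on this architecture");
    else if (r == 0)
        puts("no hypervisor advertised (bit 31 of leaf 1 ECX clear)");
    else
        printf("hypervisor advertised, vendor signature: \"%s\"\n", vendor);
    return 0;
}
```

Design note: the decode and the bit test are split out from the live probe so the parsing can be checked against known signatures without a VM. This probe only catches a VMM that is not trying to hide, which is exactly the case a SubVirt-style rootkit is designed to avoid; the next step practitioners reach for is timing (for example, measuring the cost of instructions that a VMM must trap), which a rootkit can blur but not eliminate.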