Slashdot Mirror


Undetectable Rootkits Through Virtualization?

techmuse writes "eWeek has an article about a prototype rootkit that is implemented using a virtual machine hypervisor running on top of AMD's Pacifica virtualization implementation. The idea is that the target OS, or software running on it, would not be able to detect the rootkit, because the OS would be running virtualized on top of the rootkit. The prototype is supposed to be demonstrated at the Syscan conference and the Black Hat Briefings over the next month."

13 of 237 comments

  1. ok, but... by celardore · · Score: 3, Funny

    Who runs anything *real* on a virtual server?

    1. Re:ok, but... by Anonymous Coward · · Score: 1, Funny

      Are you kidding? Virtually everyone!

    2. Re:ok, but... by Phleg · · Score: 2, Funny

      --> The Joke <--


      --> Your Head <--

      --
      No comment.
  2. the side effects are detectable by Anonymous Coward · · Score: 4, Funny

    Current virtualization doesn't virtualize anything but basic VGA graphics. That's certainly noticeable.

    Boss asks: are you playing games at work?!

    Me: Just checking for rootkits boss!

  3. A win-win situation for everyone by KingSkippus · · Score: 3, Funny

    From TFA:

    Rutkowska says of the Blue Pill concept, "I am very excited about the chance to work with Sony on how this technology can be used to protect their next generation of music CDs, DVDs, and high-definition Bluray discs. I believe it will be a win-win situation for everyone involved. Well, everyone important, anyway."
  4. Towards a runtime for Voight-Kampff machines by Elwood P Dowd · · Score: 2, Funny

    "Is this testing whether I'm a virtual machine or a lesbian, Mr. Dowd?"

    --

    There are no trails. There are no trees out here.
  5. Whoa. Déjà vu. by DysenteryInTheRanks · · Score: 4, Funny

    "A Slashdot article just went by, and then another one that looks just like it!"

    "It's a glitch in the rootkit! It happens when it changes something!"

    "No, I said a SLASHDOT article."

    "Ah, you're probably fine then."

  6. Re:The only defense by Anonymous Coward · · Score: 1, Funny
    Are you staring blankly at me?
    No, I'm staring at you like you're an effing loon who doesn't know what the hell he's talking about.
  7. DRM? by sr180 · · Score: 2, Funny

    Can we use this to bypass the DRM included in Vista?

    --
    In Soviet Russia the insensitive clod is YOU!
  8. What's that you say? by kimvette · · Score: 2, Funny

    The next version of WGA will be undetectable? Thanks, Microsoft! ;)

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
  9. Re:Everyone but you... by Distinguished Hero · · Score: 2, Funny

    I don't think they realised the 'small details' they would be impacting. For instance, before the 'upgrade' if the network went down, we could write some letters, work on some spreadsheets etc... Now with the new 'upgrade', if the network goes down, we can't do anything. Not even write a letter, send an email, none of that stuff....

    Yes, gone are the wonderful days of yore when one used to be able to pass the time while the network was down by "sending an email." :P

    --
    Uttering logically derived and empirically supported truths to the disciples of the orthodox establishment.
  10. Re:The only defense by jthill · · Score: 4, Funny

    You just think you're booting off that DVD.

    --
    As always, all IMO. Insert "I think" everywhere grammatically possible.
  11. Shhhhhhhhh....... by DiscoDave_25 · · Score: 2, Funny

    Please don't let Sony hear...