Slashdot Mirror


Undetectable Rootkits Through Virtualization?

techmuse writes "eWeek has an article about a prototype rootkit that is implemented using a virtual machine hypervisor running on top of AMD's Pacifica virtualization implementation. The idea is that the target OS, or software running on it, would not be able to detect the rootkit, because the OS would be running virtualized on top of the rootkit. The prototype is supposed to be demonstrated at the Syscan conference and the Black Hat Briefings over the next month."

5 of 237 comments (clear)

  1. ok, but... by celardore · · Score: 3, Funny

    Who runs anything *real* on a virtual server?

  2. the side effects are detactable by Anonymous Coward · · Score: 4, Funny

    Current virtualization doesn't virtualize anything but basic VGA graphics. That's certainly noticable.

    Boss asks: are you playing games at work?!

    Me: Just checking for rootkits boss!

  3. A win-win situation for everyone by KingSkippus · · Score: 3, Funny

    From TFA:

    Rutkowska says of the Blue Pill concept, "I am very excited about the chance to work with Sony on how this technology can be used to protect their next generation of music CDs, DVDs, and high-definition Bluray discs. I believe it will be a win-win situation for everyone involved. Well, everyone important, anyway."
  4. Whoa. Déjà vu. by DysenteryInTheRanks · · Score: 4, Funny

    "A Slashdot article just went by, and then another one that looks just like it!"

    "It's a glitch in the rootkit! It happens when it changes something!"

    "No, I said a SLASHDOT article."

    "Ah, you're probably fine then."

  5. Re:The only defense by jthill · · Score: 4, Funny

    You just think you're booting off that DVD.

    --
    As always, all IMO. Insert "I think" everywhere grammatically possible.