Slashdot Mirror


Undetectable Rootkits Through Virtualization?

techmuse writes "eWeek has an article about a prototype rootkit that is implemented using a virtual machine hypervisor running on top of AMD's Pacifica virtualization implementation. The idea is that the target OS, or software running on it, would not be able to detect the rootkit, because the OS would be running virtualized on top of the rootkit. The prototype is supposed to be demonstrated at the Syscan conference and the Black Hat Briefings over the next month."

3 of 237 comments

  1. the side effects are detectable by Anonymous Coward · · Score: 4, Funny

    Current virtualization doesn't virtualize anything but basic VGA graphics. That's certainly noticeable.

    Boss asks: are you playing games at work?!

    Me: Just checking for rootkits boss!

  2. Whoa. Déjà vu. by DysenteryInTheRanks · · Score: 4, Funny

    "A Slashdot article just went by, and then another one that looks just like it!"

    "It's a glitch in the rootkit! It happens when it changes something!"

    "No, I said a SLASHDOT article."

    "Ah, you're probably fine then."

  3. Re:The only defense by jthill · · Score: 4, Funny

    You just think you're booting off that DVD.

    --
    As always, all IMO. Insert "I think" everywhere grammatically possible.