Slashdot Mirror


Hiding a Rootkit In System Management Mode

Sniper223 notes a PC World article on a new kind of rootkit recently developed by researchers, which will be demoed at Black Hat in August. The rootkit runs in System Management Mode, a longtime feature of x86 architecture that allows for code to run in a locked part of memory. It is said to be harder to detect, potentially, than VM-based rootkits. The article notes that the technique is unlikely to lead to widespread exploitation: "Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code expressly for the system they are attacking."

4 of 119 comments

  1. Who thinks Hillary should drop out ? by Anonymous Coward · · Score: -1, Offtopic

    Cast your vote here.

    1. Re:Who thinks Hillary should drop out ? by Anonymous Coward · · Score: -1, Offtopic

      Me.

    2. Re:Who thinks Hillary should drop out ? by Anonymous Coward · · Score: -1, Offtopic

      She should stay in to continue El Rushbo's plan to self destruct the Democratic Party. 100 years in Iraq, w00t!

  2. ma83 by Anonymous Coward · · Score: -1, Offtopic

    rival distribution, not anymore. It's Hot on the heels of learn what mistakes faster chip architecture. My Something that you everyday...Redefine And Michael Smith If you answered