Virtual Machine Rootkits
Eweek covers a paper (“SubVirt: Implementing malware with virtual machines” [link to http://www.eecs.umich.edu/Rio/papers/king06.pdf no longer works]) coming out of Microsoft and UMichigan in “VM Rootkits: The Next Big Threat?” [link to http://www.eweek.com/article2/0,1895,1936672,00.asp no longer works]. Joanna Rutkowska gives some thoughts in a post to Daily Dave, “redpill vs. Microsoft rootkit….” [link to http://archives.neohapsis.com/archives/dailydave/2006-q1/0220.html no longer works]
My take is it’s good to see Microsoft working on this sort of research and thinking about future issues. The ideal is that we see a lot of these sorts of papers, and the threats never turn large scale, because the threat research has enabled defensive research.
It’s even better to see Microsoft talking about this work in public. The “keep it secret” crowd took twenty years to not fix the buffer overflow problem before Aleph One published “Smashing the Stack for Fun and Profit.” Since then, we’ve gotten StackGuard (and derivatives), RATS (and derivatives), address randomization, and probably other techniques.
So let’s talk about the problems. It helps.
This tells about it being done years ago sort of in viruses…
http://www.f-secure.com/weblog/archives/archive-032006.html#00000834
Thanks!
That really makes the point well: if you publish instead of keeping such research secret, the state of the art advances.