Posted 31 October 2010 - 10:45 AM
Posted 01 November 2010 - 08:44 AM
Rootkit: Hypervisor level
Rootkits have been created as Type II Hypervisors in academia only as proofs of concept. By exploiting hardware features such as Intel VT or AMD-V, this type of rootkit runs in Ring -1 and hosts the target operating system as a virtual machine, thereby enabling the rootkit to intercept all hardware calls made by the original operating system. Unlike normal hypervisors, they do not have to load before the operating system, but can load into an operating system before promoting it into a virtual machine. A hypervisor rootkit does not have to make any modifications to the kernel of the target in order to subvert it—however that does not mean to say that it cannot be detected by the guest operating system, as timing differences may for example be detectable in CPU instructions. The "SubVirt" laboratory rootkit, developed jointly by Microsoft and University of Michigan researchers, is an academic example of a virtual machine based rootkit (VMBR), while Blue Pill is another. In 2009, researchers from Microsoft and North Carolina State University demonstrated a hypervisor-layer anti-rootkit called Hooksafe that provides generic protection against kernel-mode rootkits.
Blue Pill: The first effective Hypervisor Rootkit
...Blue Pill is the name that Rutkowska gave for this new breed of rootkits that take advantage of AMD’s Pacifica virtualization technology called SVM (Secure Virtual Machine)...
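The timing caveat in the quoted paragraph (a hypervisor that traps CPUID leaves a latency signature the guest OS can measure) as an added example; this is not code from the thread or from the Blue Pill or SubVirt projects, and the sample count and the 1000-tick threshold are assumptions to calibrate on known-good hardware:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* CPUID always causes a VM exit under Intel VT-x and AMD-V, so a hypervisor beneath the
 * OS adds latency it cannot hide; a sample is the TSC cost of one CPUID (0 if non-x86-64). */
#if defined(__x86_64__)
#define TIMING_SUPPORTED 1
static uint64_t rdtsc_now(void) {
    uint32_t lo, hi;
    __asm__ __volatile__("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}
static uint64_t cpuid_sample(void) {
    uint32_t a, b, c, d;
    uint64_t t0 = rdtsc_now();
    __asm__ __volatile__("cpuid" : "=a"(a), "=b"(b), "=c"(c), "=d"(d) : "a"(0), "c"(0));
    uint64_t t1 = rdtsc_now();
    return t1 - t0;
}
#else
#define TIMING_SUPPORTED 0
static uint64_t cpuid_sample(void) { return 0; }
#endif
static int cmp_u64(const void *x, const void *y) {
    uint64_t a = *(const uint64_t *)x, b = *(const uint64_t *)y;
    return (a > b) - (a < b);
}
/* Median discards samples inflated by an interrupt or a core migration. */
static uint64_t median_u64(uint64_t *v, size_t n) {
    qsort(v, n, sizeof *v, cmp_u64);
    return v[n / 2];
}
static uint64_t cpuid_median_cycles(size_t samples) {
    uint64_t buf[1024];
    if (samples == 0 || samples > 1024) samples = 1024;
    for (size_t i = 0; i < samples; i++) buf[i] = cpuid_sample();
    return median_u64(buf, samples);
}
/* Assumed heuristic: bare-metal CPUID costs a few hundred ticks, a trapped CPUID
 * usually well over a thousand. Calibrate on known-good hardware before trusting. */
#define CPUID_VM_THRESHOLD 1000ULL
static int hypervisor_suspected(uint64_t median_cycles) {
    return TIMING_SUPPORTED && median_cycles > CPUID_VM_THRESHOLD;
}
int main(void) {
    uint64_t m = cpuid_median_cycles(256);
    printf("median CPUID cost: %llu ticks -> %s\n", (unsigned long long)m,
           hypervisor_suspected(m) ? "hypervisor suspected" : "no timing anomaly");
    return 0;
}
```

A positive result only says some hypervisor is present (a legitimate VM host looks the same), so treat it as one signal to corroborate, not a verdict.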
Posted 02 November 2010 - 08:05 AM
Posted 26 May 2013 - 10:37 PM
Posted 29 June 2014 - 07:02 AM
So why are you posting links here?
...This is no longer malware and not my forte.
If you wish to proceed I suggest you start a new topic in the Windows 7 Forum.