VM Rootkits: The Next Big Threat?
By Ryan Naraine
March 10, 2006
Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits... The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system... "We used our proof-of-concept [rootkits] to subvert Windows XP and Linux target systems and implemented four example malicious services...