Thursday, June 29, 2006

100% Undetectable Malware?

A security researcher with expertise in rootkits has built a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems. ...The technique effectively bypasses a crucial anti-rootkit policy change coming in Windows Vista that requires kernel-mode software to have a digital signature to load on x64-based systems.

The idea of a virtual machine rootkit isn't entirely new. Researchers at Microsoft Research and the University of Michigan have created a VM-based rootkit called "SubVirt" that is nearly impossible to detect because its state cannot be accessed by security software running in the target system. ...
"The idea behind Blue Pill is simple: your operating system swallows the Blue Pill and it awakes inside the Matrix controlled by the ultra thin Blue Pill hypervisor. This all happens on-the-fly (i.e. without restarting the system) and there is no performance penalty and all the devices," she explained. - eweek

Coming soon: 100% undetectable monitoring of everything everyone does on a computer.
