John *nix forums addict
Joined: 05 Mar 2005
Posts: 59
Posted: Wed Jul 12, 2006 7:32 pm
Post subject: Undetectable rootkits?

"eWeek has an article about a prototype rootkit that is implemented using
a virtual machine hypervisor running on top of AMD's Pacifica
virtualization implementation. The idea is that the target OS, or software
running on it, would not be able to detect the rootkit, because the OS
would be running virtualized on top of the rootkit. The prototype is
supposed to be demonstrated at the Syscan conference and the Black Hat
Briefings over the next month."
Here is the url:
http://it.slashdot.org/article.pl?sid=06/06/29/2111208
Is it correct to say that if you don't run virtualization software of any
kind you are not subject to this risk?

Jay C. James *nix forums beginner
Joined: 06 Dec 2005
Posts: 12
Posted: Wed Jul 12, 2006 9:26 pm
Post subject: Re: Undetectable rootkits?

"John" <John@somewhere.com> wrote in message
news:pan.2006.07.12.19.37.50.753606@somewhere.com...
> "eWeek has an article about a prototype rootkit that is implemented using
> a virtual machine hypervisor running on top of AMD's Pacifica
> virtualization implementation. The idea is that the target OS, or software
> running on it, would not be able to detect the rootkit, because the OS
> would be running virtualized on top of the rootkit. The prototype is
> supposed to be demonstrated at the Syscan conference and the Black Hat
> Briefings over the next month."
> Here is the url:
> http://it.slashdot.org/article.pl?sid=06/06/29/2111208
> Is it correct to say that if you don't run virtualization software of any
> kind you are not subject to this risk?

Well, from the details of the original uncompressed item (not found in
news aggregators such as eWeek or Slashdot, and now I guess even Usenet),
it appeared as if you don't even have to run virtualization software.
Pacifica also appears to use what's being referred to as hardware
virtualization assistance. Perhaps the hypervisor is accessed initially
via those x86 extensions.
So, if you are a proud owner of this stuff, it's not in the virtualization
element per se, or in the running of it, because the issue looks to lie
within the hypervisor itself.
Hopefully someone with more or updated info will chime in.
jcj

John Thompson *nix forums Guru Wannabe
Joined: 12 Mar 2005
Posts: 164
Posted: Thu Jul 13, 2006 5:05 am
Post subject: Re: Undetectable rootkits?

On 2006-07-12, John <John@somewhere.com> wrote:
> Is it correct to say that if you don't run virtualization software of any
> kind you are not subject to this risk?

No. The rootkit installs its own virtualization software.
--
John (john@os2.dhs.org)

chris-usenet@roaima.co.uk *nix forums Guru Wannabe
Joined: 21 Jul 2005
Posts: 127
Posted: Fri Jul 14, 2006 9:25 am
Post subject: Re: Undetectable rootkits?

On 2006-07-12, John <John@somewhere.com> wrote:
> Is it correct to say that if you don't run virtualization software of any
> kind you are not subject to this risk?

John Thompson <john@vector.os2.dhs.org> wrote:
> No. The rootkit installs its own virtualization software.

As far as I've been able to tell, it's not possible to run a virtualised
system on top of another virtualised system.
So this suggests to me that if you /are/ running your own virtualisation
software (qemu, uml, vmware, etc.) then it will fail to run, thereby
alerting you to the fact that your host OS is already virtualised.
Chris
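
The replies above tie the risk to the CPU's hardware virtualization extensions rather than to installed virtualization software; on a Linux host that can be checked from the CPU flags. The following is an added example, not part of the original thread: the function names and the sample input are constructed, and reporting Intel's `vmx` flag alongside AMD's `svm` goes beyond the AMD case discussed here.

```python
import os

# Constructed sample in /proc/cpuinfo format (not captured from a real host).
SAMPLE_CPUINFO = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu tsc msr pae cx8 apic sep cmov syscall nx lm svm\n\n"
    "processor\t: 1\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu tsc msr pae cx8 apic sep cmov syscall nx lm svm\n"
)

# Linux flag names for hardware virtualization extensions.
HW_VIRT = {"svm": "AMD SVM (Pacifica)", "vmx": "Intel VT-x"}

def parse_flags(cpuinfo_text):
    """Return {processor_index: set_of_flags} from /proc/cpuinfo text."""
    cpus, current = {}, None
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator line between processors
        key = key.strip()
        if key == "processor":
            current = int(value)
            cpus[current] = set()
        elif key == "flags" and current is not None:
            cpus[current] = set(value.split())
    return cpus

def assess(cpuinfo_text):
    """Summarise hardware-virtualization exposure for one host."""
    cpus = parse_flags(cpuinfo_text)
    watched = set(HW_VIRT) | {"hypervisor"}
    seen = [flags & watched for flags in cpus.values()]
    extensions = sorted({HW_VIRT[f] for s in seen for f in s if f in HW_VIRT})
    return {
        "cpus": len(cpus),
        "hw_virt_extensions": extensions,
        # True whenever the CPU has the extensions, whether or not any
        # virtualization software is installed on the host.
        "extensions_present": bool(extensions),
        # Set only by hypervisors that choose to announce themselves
        # (CPUID leaf 1, ECX bit 31); absence proves nothing.
        "hypervisor_announced": any("hypervisor" in s for s in seen),
        # Logical CPUs normally agree; a mismatch is worth investigating.
        "uneven_across_cpus": len({frozenset(s) for s in seen}) > 1,
    }

if __name__ == "__main__":
    path = "/proc/cpuinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE_CPUINFO
    print(assess(text))
```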
The time now is Sun Nov 23, 2008 11:34 am | All times are GMT