[cap-talk] Virtual Machine Based Rootkits
Karp, Alan H
alan.karp at hp.com
Thu Aug 3 12:31:15 EDT 2006
Joanna Rutkowska is the name I've seen associated with this attack,
which is frequently called Blue Pill, from the Matrix. She has
demonstrated a running version on Vista x64 and is presenting at Black
Hat today. According to reports, she was able to install the rootkit on
a running system, no reboot required.
http://www.eweek.com/article2/0,1895,1983037,00.asp is a news article on
the subject.
The key point is that you're both right. You are safer if you use a
virtual machine to run Windows. However, if your base system gets
infected, virtualizability assures that there is no mechanism by which
the OS can detect the attack.
_________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/