The Vitriol VM Rootkit is Unguarded
'Vitriol machine-based rootkits' make malware-hiding even stronger and can wholly command a target operating system.
Every innovation is accompanied by a drawback, sometimes caustic in nature. A 'virtual machine rootkit' that can convert Windows into a 'virtual machine' (VM) was put before the audience at Microsoft's recent 'Blue Hat Hacker Conference'. Dino Dai Zovi, a security specialist, developed this rootkit, named 'Vitriol'. The rootkit uses Intel's Virtualization Technology (VT-x, formerly known as 'Vanderpool').
The 'Vitriol rootkit' is capable of transforming a running operating system into a 'hardware virtual machine' and loading itself as a 'rootkit hypervisor'. The malware then sits beyond the reach of the operating system, gaining stealth and becoming more treacherous. Virus scanners and rootkit detectors become helpless in protecting systems against such rootkits. Vista's new 'PatchGuard' and 'driver signature kernel' protections for '64-bit systems' are of no use against it either.
Hardware-supported CPU virtualization extensions such as Intel's VT-x permit multiple unmodified operating systems to run simultaneously on the same processor. The extensions are extremely helpful for running multiple operating systems, but they also offer useful abilities to rootkit creators.
The popularity of VMs is growing. Their benefits are numerous while their drawbacks are few. One of the problems is the high cost of acquiring hardware to push up VM power.
Work on ways to wrongfully seize VM technology for stealthy and treacherous purposes is clearly active, which requires security professionals to make inroads that outpace the culprits.
» SPAMfighter News - 25-10-2006