The Vitriol VM Rootkit is Unguarded

'Vitriol machine-based rootkits' make malware-hiding even stronger and can command a target operating system.

Every innovation is accompanied by a drawback, sometimes caustic in nature. A 'virtual machine rootkit' that can convert Windows into a 'virtual machine' (VM) was put before the audience at Microsoft's recent 'Blue Hat Hacker Conference'. Dino Dai Zovi, a security specialist, developed this rootkit, named 'Vitriol'. The rootkit uses Intel's Virtualization Technology (VT-x, formerly known as 'Vanderpool').
'Vitriol' compromises a system by taking over the role of the host operating system after transforming the actual host operating system into a guest OS, all without the PC user's knowledge. Windows or Linux, once converted into a VM, can neither detect the rootkit nor remove it. The group delivered a presentation at the 'Black Hat Conference', Las Vegas.

The 'Vitriol rootkit' is capable of transforming a running operating system into a 'hardware virtual machine' and loading itself as a 'rootkit hypervisor'. The malware then moves beyond the reach of the operating system, gaining stealth and becoming more treacherous. Virus scanners and rootkit tracers become helpless in protecting systems against such rootkits. Vista's new 'PatchGuard' and 'driver signature kernel' protection for 64-bit systems cannot help either.

Hardware-supported CPU virtualization extensions such as Intel's VT-x permit multiple unmodified operating systems to run simultaneously on the same processor. The extensions are extremely helpful for multi-operating-system computing, but they also offer useful abilities to rootkit creators.
'Virtual machine rootkits' have emerged in the past too. Developers at 'Microsoft Research' and the 'University of Michigan' have authored a 'VM-based rootkit' called "SubVirt". It is impossible to detect this rootkit because the security software running in the infected system just cannot access it.

The popularity of VMs is growing. Their benefits are numerous while the drawbacks are few. One of the problems is the high cost of acquiring hardware to push up VM power.

Work on ways to wrongfully seize VM technology for stealthy and treacherous purposes is clearly ongoing, which requires security professionals to outpace the culprits.


» SPAMfighter News - 25-10-2006
