An Old Idea Returns for Building a Better Rootkit

An Old Idea Returns for Building a Better Rootkit

Fetched: March 14th, 2006, 9:58am CST
Tags
 
SubVirt is a new proof-of-concept rootkit created by Microsoft Research and the University of Michigan. The idea is to install a rootkit that inserts itself at a lower level than the OS and then give the user a virtual machine environment that if successful, looks just like their own. An inexperienced user then might never realize that they aren’t really in control, and all of their software defenses might not realize it either.

Rootkit_with_borders

Why is Microsoft building a better rootkit? We aren’t too sure, but to paraphrase this eWeek article published on the 10th, Microsoft hopes to use the perspective of the attacker to better understand the needs of the defender. It sounds to us a bit like the scientists that were researching nuclear fission without really thinking about the final use for the bomb that they were helping to build.

In any case the concept isn’t entirely new. In 1993, PMBS was discovered, a stealth virus as they were termed at the time. PMBS was a boot virus that traveled via infected floppy disks. Once it infected a machine, it copied itself into extended memory, switched the computer into protected mode and ran virtual V86 machine. DOS and other applications where then run from that virtual PC.

On 14/03/06 At 08:23 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: