An Old Idea Returns for Building a Better Rootkit: SubVirt

March 16th, 2006 by Patrick S

SubVirt is a new proof-of-concept rootkit created by Microsoft Research and the University of Michigan. The idea is to install a rootkit that inserts itself at a lower level than the OS and then presents the user with a virtual machine environment that, if successful, looks just like their own system. An inexperienced user might never realize that they aren't really in control, and their software defenses might not realize it either, because the rootkit's state cannot be accessed by security software running in the target system.

For example, a code execution flaw could be exploited to gain root or administrator rights to manipulate the system boot sequence.

Once the rootkit is installed, it can use a separate attack operating system to deploy malware that is invisible from the perspective of the target operating system. 

Why is Microsoft building a better rootkit? Not too sure, but to paraphrase this eWeek article published on the 10th, Microsoft hopes to use the perspective of the attacker to better understand the needs of the defender. It sounds to us a bit like the scientists who were researching nuclear fission without really thinking about the final use for the bomb that they were helping to build.

Source: eWeek & F-Secure

I have included a PDF about SubVirt and how it works; quite interesting:

subvirt.pdf (Source: EECS)

This entry was posted on Thursday, March 16th, 2006 at 11:09 pm and is filed under MS News, Security.

One Response

  1. Calibro Says:

    I can’t understand why Microsoft is disclosing these dangerous ideas to the bad guys…