FYI: Virtual machine rootkits proof-of-concept

From: Ron Crane <voting_at_lastland_dot_net>
Date: Fri Jun 30 2006 - 15:02:39 CDT
Microsoft Research has demonstrated a rootkit that inserts a virtual machine monitor between an operating system (e.g., Windows) and the CPU on which it runs. The rootkit then uses this privileged position to force the OS to do whatever the rootkit's creator wants.

http://www.eweek.com/article2/0,1895,1936666,00.asp

This is closely analogous to the malware loader I and others described in _A Deeper Look: Rebutting Shamos on e-Voting_ at s.3.1.2 (http://www-db.stanford.edu/pub/keller/2006/Shamos-rebuttal.pdf). In a voting machine, the machine's firmware could play the role of the rootkit, and the voting application the role of the OS under attack.

-R

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Jun 30 23:17:12 2006

This archive was generated by hypermail 2.1.8 : Fri Jun 30 2006 - 23:17:12 CDT