Re: VM Rootkits: The Next Big Threat? (PC Magazine)




"kurt wismer" <kurtw@xxxxxxxxxxxx> wrote in message news:8NdRf.2780$ng.113676@xxxxxxxxxxxxxxxxxxxxxxxx
> Jake Dodd wrote:
>> "Offbreed" <offbreed_106@xxxxxxxxxxx> wrote in message news:rfCdnUDmXq6q9InZRVn-vA@xxxxxxxxxxxxxxxxxx
>>> Virus Guy wrote:
>>>
>>>> Only Windows XP is mentioned here. Still waiting to hear about Win-98
>>>> root kits.
>>> ?? Win98 does not have a "root". Although, there were ways for MS to
>>> hide the contents of directories (desktop.ini).
>>
>> Whether or not there is a "root" no longer matters. The "root" in rootkit
>> is only an historical remnant. A malware rootkit is a trojan or trojaned
>> program, or set of programs, that interact intimately with some system
>> hardware. Such close relationships with hardware allow the OS to be
>> subverted. Usually, this subversion takes the form of stealth.
>>
>> Originally, they were trojan backdoored unix binary executables offering
>> remote root access to the attacker that installed them. Then sniffers and
>> stealth capability were added. Now the term applies to *nix loadable
>> modules and NT filter drivers too, especially if they work to subvert the
>> system in some way.
>
> well, i certainly disagree
> (http://anti-virus-rants.blogspot.com/2006/02/descent-of-rootkits_20.html)...

Nice rant, but I don't really see where you disagree with what I wrote. Think
of what having root really means to the machine in question. Someone having
root can install programs that intimately interact with the system hardware
rather than using the OS as intermediary. Because of this, such programs can
subvert the OS so that all utilities that get information from or about hardware
while using the OS as intermediary become untrustworthy.

In the case of this "new threat", the entire OS is elevated to a VM while the
actual hardware and the so-called "rootkit" act as the platform for it. Now
the OS only "knows" what the rootkit tells it.

> and i don't understand why people think technical terminology should be
> as malleable as conversational english...

A rootkit wasn't really a technical term, it was like the "bag of tricks" that
Felix the Cat used when in a fix. Why write programs interactively through
a shell on a rooted machine when, with a little advance preparation, you
could have a kit ready?

