Foreign-language journal: Network world

HOW TO ROOT OUT ROOTKITS

Abstract

If you want to know about the latest malicious rootkit, ask security researcher Dino Dai Zovi. He'll tell you all about his proof-of-concept rootkit called Vitriol that uses virtual machine instructions in Intel processors to hide a rootkit at the virtualization layer. He presented this information at BlackHat 2006, the same conference at which Joanna Rutkowska demonstrated her BluePill virtual rootkit that exploited AMD processors. The good news is that neither rootkit has shown up in the wild. And Dai Zovi says such a hack is not imminent. The bad news: He says these hacks haven't been unleashed on unsuspecting enterprise networks because existing rootkits are working so well that there's no need for hackers to develop more devious attacks. "If I'm an attacker and my user and kernel rootkits work 80% of the time, then why go create a virtual rootkit, which is infinitely harder to deploy?" asks Mike Dalton, CTO at Revelogic.