
The Threat: A Hypervisor-Based Rootkit

Written By NEO on 5/20/2011 | 5/20/2011 03:41:00 PM



The threat, which was the subject of two presentations at Black Hat 2006, is that someone with administrator privileges on a system that has hardware-assisted virtualization enabled and no virtualization software installed can install a hypervisor-based rootkit. That rootkit would then run at a higher privilege level than the operating system itself. The advantage to an attacker is that legitimate kernel-mode code has a reduced ability to detect the attacker's hypervisor-mode code.
A system that has a legitimate hypervisor installed is not susceptible to this attack, because as soon as a hypervisor has enabled and used the processor virtualization extensions, a second hypervisor cannot use the extensions.
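
The two conditions above (virtualization extensions available, no virtualization software installed) can be audited per host. The following is an added example, not part of the original post: it assumes a Linux host and the text formats of `/proc/cpuinfo` and `/proc/modules`, and the module list and sample inputs are constructed for illustration.

```python
# Added example: classify a Linux host against the precondition described above.
VIRT_FLAGS = {"vmx": "Intel VT-x", "svm": "AMD-V"}
# Illustrative (assumed) list of kernel modules that ship with hypervisors.
HYPERVISOR_MODULES = {"kvm_intel", "kvm_amd", "vboxdrv", "vmmon"}

# Constructed samples in /proc/cpuinfo format (not captured from real hosts).
BARE_METAL = "processor\t: 0\nflags\t\t: fpu sse2 vmx\nvmx flags\t: vnmi ept\n"
GUEST = "processor\t: 0\nflags\t\t: fpu sse2 svm hypervisor\n"
NO_EXTENSIONS = "processor\t: 0\nflags\t\t: fpu sse2\n"
# Constructed sample in /proc/modules format.
KVM_LOADED = "kvm_intel 245760 0 - Live 0x0\nkvm 737280 1 kvm_intel, Live 0x0\n"


def cpu_flags(cpuinfo_text):
    """Union of the 'flags' lines of all logical CPUs ('vmx flags' is skipped)."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            flags.update(value.split())
    return flags


def loaded_modules(modules_text):
    """Module names are the first field of each /proc/modules line."""
    return {line.split()[0] for line in modules_text.splitlines() if line.strip()}


def assess(cpuinfo_text, modules_text=""):
    """Return 'guest', 'not-applicable', 'hypervisor-installed' or 'exposed'."""
    flags = cpu_flags(cpuinfo_text)
    if "hypervisor" in flags:
        return "guest"  # CPUID reports a hypervisor beneath this OS
    if not flags & set(VIRT_FLAGS):
        return "not-applicable"  # CPU advertises neither VT-x nor AMD-V
    if loaded_modules(modules_text) & HYPERVISOR_MODULES:
        return "hypervisor-installed"  # virtualization software is present
    # Extensions advertised and no virtualization software seen: the
    # configuration the text describes. Firmware enablement is not checked.
    return "exposed"


if __name__ == "__main__":
    cases = {"bare metal": (BARE_METAL, ""), "bare metal + KVM": (BARE_METAL, KVM_LOADED),
             "guest": (GUEST, ""), "no extensions": (NO_EXTENSIONS, "")}
    for name, (cpuinfo, modules) in cases.items():
        print(f"{name:18} -> {assess(cpuinfo, modules)}")
```

The result describes configuration only: because hypervisor-mode code runs above the kernel's privilege level, an "exposed" verdict flags a host to harden, not a host known to be compromised.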
