|
|
| Author: Matija Vidmar |
In the last few years the most dangerous computer viruses are disappearing. Macro viruses and script viruses are almost extinct.
But in the meantime there was an increase of trojan, backdoor, rootkit and spyware which can be used to remotely control a pc. There was an increment of malware that includes spyware programs from 54.2% to 66.4%.
Rootkits are becoming famous. They are used by virus writers to remotely control infected computers and use them for stealing money and perform DDOS attacks.
In the Windows world the rootkit term is usually used to describe viruses and malware programs that use a special technique to hide into the system environment. In Unix environment, rootkits are usually rewritten tools of the operating system that are used to hide data from the users. For example the ls command can be rewritten so that it doesn't show certain files.
There exist user-mode rootkits and kernel-mode rootkits. User-mode rootkits are basically normal processes that can be easily detected and eliminated. Kernel-mode rootkits are hidden inside of the operating system itself and caan be very hard to detect and eliminate.
SubVirt is the name of a research project directed by Microsoft with the help of the University of Michigan. Currently malware software and detection software have both control of the system at kernel-mode level. Virus writers are trying to find the best way to hide their malware in front of detection software and maintain at the same time the have maximum control over the machine.
The result of this research is the VMBR, Virtual Machine Based Rootkit. A Virtual Machine is a special software layer that works between the hardware and the operating system. On a Virtual Machine also the operating system runs in user mode. The rootkit would install itself between the operating system and the hardware and would have a total control of the system.
In order to work, the VMBR needs to start up before the operating system, so it's necessary to modify the Master Boot Record in order to make it work. At computer startup the Virtual Machine would start and then it would run the operating system in a virtual environment. Potentially it can run two operating systems at the same time, the user's Windows and a specially crafted malware operating system that would be invisible to the Windows system and to the user.
The problem with this type of malware software is that it would slow down the system. During their tests Microsoft noticed that the system sturtup takes about 30 seconds more with the Virtual Machine and it eats about 3% of system resources.
It's also important to point out that the virtual machines that Microsoft used had the size of about 100 megabytes, which is too much to fit in a common MBR.
The entire dossier can be downloaded at http://www.eecs.umich.edu/~pmchen/papers/king06.pdf |
Author Bio:
The author, Matija Vidmar, can show you more tricks for your Google Adwords campaign at www.intelli-response.com/matija/adwords.php |
| You can also reach this article by using: network security, firewalls, computer network security, network security software, free firewalls |
|
|
|
| |
|
| |
| These days how many ways do we have to "talk" to each other? Instant messaging, mobile text messagin ... - Saro Saravanan |
| |
| Here are 12 surprising ways you can earn money from your online business. I can almost guarantee you ... - Kevin Bidwell |
| |
|
|
| Do you think that all great -- even single-worded -- domain names are taken? What you are about to l ... - James Liburd |
| |
|
Computers often break down at the worst of all times. These problems can be averted, or at least min ... - Jennifer Bailey |
| |
|
After you earn your CCNA, you've got some tough choices as to which certification to pursue next. Ch ... - Chris Bryant |
| |
|
R&B ringtones continue to be some of the most popular and most downloaded ring tones in the mark ... - Philip Nicosia |
| |
|
| |
|
|
Site Home
