funsec mailing list archives

Re: 'Vitriol' Rootkit to Demo at MS BlueHat Hacker Summit


From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 18 Oct 2006 00:17:38 -0700

Larry Seltzer wrote:
> Isn't any operating system vulnerable to hypervisor-based malware?

Yes, if you're running on hardware that has a supervisor mode at least one level deeper than the OS itself uses. And you can get to the privilege mode that allows you to load such a hypervisor.

For modern OSes and Intel/AMD processors that support their new hardware virtualization feature, you can load a hypervisor module if you can run from Ring 0, aka the kernel.

It's decades old on IBM hardware. Or you can consider Windows 95 to be a hypervisor for DOS.

                                                BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
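
Added example, not part of the original post: the hardware precondition described above can be audited by decoding the CPUID feature bits together with the firmware lock registers (IA32_FEATURE_CONTROL on Intel, VM_CR on AMD) to see whether kernel-mode code could turn hardware virtualization on. The function names and the sample register values are assumptions made for illustration; on a real system the values would come from CPUID and an MSR read.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions from the Intel SDM and AMD APM. */
#define CPUID1_ECX_VMX      (1u << 5)    /* CPUID leaf 1: VT-x present */
#define CPUID_EXT_ECX_SVM   (1u << 2)    /* CPUID leaf 0x80000001: AMD-V present */
#define FEATCTL_LOCK        (1ull << 0)  /* IA32_FEATURE_CONTROL (MSR 0x3A) */
#define FEATCTL_VMX_NO_SMX  (1ull << 2)  /* VMXON allowed outside SMX */
#define VMCR_LOCK           (1ull << 3)  /* VM_CR (MSR 0xC0010114) */
#define VMCR_SVMDIS         (1ull << 4)  /* SVM disabled */

enum hv_state { HV_UNSUPPORTED, HV_LOCKED_OFF, HV_UNLOCKED, HV_ENABLED };

/* Hypothetical helper: classify an Intel CPU from CPUID.1:ECX and MSR 0x3A. */
enum hv_state intel_vmx_state(uint32_t cpuid1_ecx, uint64_t feature_control)
{
    if (!(cpuid1_ecx & CPUID1_ECX_VMX))
        return HV_UNSUPPORTED;
    if (!(feature_control & FEATCTL_LOCK))
        return HV_UNLOCKED;   /* kernel code can still set the enable bit itself */
    return (feature_control & FEATCTL_VMX_NO_SMX) ? HV_ENABLED : HV_LOCKED_OFF;
}

/* Hypothetical helper: classify an AMD CPU from CPUID.80000001h:ECX and VM_CR. */
enum hv_state amd_svm_state(uint32_t cpuid_ext_ecx, uint64_t vm_cr)
{
    if (!(cpuid_ext_ecx & CPUID_EXT_ECX_SVM))
        return HV_UNSUPPORTED;
    if (!(vm_cr & VMCR_SVMDIS))
        return HV_ENABLED;    /* EFER.SVME can be set from ring 0 */
    return (vm_cr & VMCR_LOCK) ? HV_LOCKED_OFF : HV_UNLOCKED;
}

static const char *hv_name(enum hv_state s)
{
    static const char *names[] = { "unsupported", "locked off", "unlocked", "enabled" };
    return names[s];
}

int main(void)
{
    /* Constructed register values, not read from real hardware. */
    printf("Intel, MSR 0x3A = 0x1:  %s\n", hv_name(intel_vmx_state(CPUID1_ECX_VMX, 0x1)));
    printf("Intel, MSR 0x3A = 0x5:  %s\n", hv_name(intel_vmx_state(CPUID1_ECX_VMX, 0x5)));
    printf("AMD,   VM_CR    = 0x18: %s\n", hv_name(amd_svm_state(CPUID_EXT_ECX_SVM, 0x18)));
    return 0;
}
```

Only the "locked off" result means the setting holds until the next reset; "unlocked" leaves the decision to whatever runs in the kernel.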

