funsec mailing list archives

Re: 'Vitriol' Rootkit to Demo at MS BlueHat Hacker Summit


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 18 Oct 2006 10:09:06 -0400

On 10/18/06, Blue Boar <BlueBoar () thievco com> wrote:
> Larry Seltzer wrote:
> > Isn't any operating system vulnerable to hypervisor-based malware?
>
> Yes, if you're running on hardware that has a supervisor mode at least
> one level deeper than the OS itself uses.  And you can get to the
> privilege mode that allows you to load such a hypervisor.
>
> For modern OSes and Intel/AMD processors that support their new hardware
> virtualization feature, you can load a hypervisor module if you can run
> from Ring 0, aka the kernel.
>
> It's decades old on IBM hardware.  Or you can consider Windows 95 to be
> a hypervisor for DOS.


Are all hypervisors considered to be Operating Systems? Are the
creators writing their own kernel and such?

just wondering,

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

