SubVirt - the prototype of the next generation malware


In the last few years the most dangerous computer viruses have been disappearing. Macro viruses and script viruses are almost extinct.

But in the meantime there has been an increase in trojans, backdoors, rootkits and spyware, which can be used to remotely control a PC. The share of malware that includes spyware programs rose from 54.2% to 66.4%.

Rootkits are becoming famous. Virus writers use them to remotely control infected computers and use those computers to steal money and perform DDoS attacks.
In the Windows world the term rootkit is usually used to describe viruses and malware programs that use a special technique to hide in the system environment. In the Unix environment, rootkits are usually rewritten operating system tools that are used to hide data from the users. For example, the ls command can be rewritten so that it doesn't show certain files.

There are user-mode rootkits and kernel-mode rootkits. User-mode rootkits are basically normal processes that can be easily detected and eliminated. Kernel-mode rootkits are hidden inside the operating system itself and can be very hard to detect and eliminate.

SubVirt is the name of a research project directed by Microsoft with the help of the University of Michigan. Currently malware and detection software both have control of the system at kernel-mode level. Virus writers are trying to find the best way to hide their malware from detection software while at the same time keeping maximum control over the machine.

The result of this research is the VMBR, the Virtual Machine Based Rootkit. A virtual machine is a special software layer that works between the hardware and the operating system. On a virtual machine, even the operating system runs in user mode. The rootkit would install itself between the operating system and the hardware and would have total control of the system.

In order to work, the VMBR needs to start up before the operating system, so it is necessary to modify the Master Boot Record. At computer startup the virtual machine would start and then run the operating system in a virtual environment. Potentially it can run two operating systems at the same time: the user's Windows and a specially crafted malware operating system that would be invisible to the Windows system and to the user.
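A defender can look for the Master Boot Record change described above by comparing the MBR against a known-good baseline. The following Python sketch is an added example, not code from the SubVirt research; the function names and the sample sectors are constructed for illustration. It assumes the sector was read from trusted boot media, since a running VMBR could hide the change from the operating system it hosts.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446       # bytes 0..445 hold the bootstrap code
SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a classic 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = sector[BOOT_CODE_LEN + 16 * i: BOOT_CODE_LEN + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            partitions.append({"index": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return what differs between a known-good MBR record and the current one."""
    findings = []
    if baseline["boot_code_sha256"] != current["boot_code_sha256"]:
        findings.append("boot code changed")
    if baseline["partitions"] != current["partitions"]:
        findings.append("partition table changed")
    return findings


def make_sample_mbr(boot_code: bytes, lba_start: int = 2048) -> bytes:
    """Constructed test sector: given boot code plus one active type-0x07 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3), lba_start, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    baseline = parse_mbr(make_sample_mbr(b"\xfa\x33\xc0"))  # constructed "clean" sector
    current = parse_mbr(make_sample_mbr(b"\xeb\x3c\x90"))   # constructed altered sector
    print(compare_to_baseline(baseline, current))
```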

...
The problem with this type of malware is that it would slow down the system. During their tests Microsoft noticed that system startup takes about 30 seconds longer with the virtual machine and that it consumes about 3% of system resources.

It's also important to point out that the virtual machines that Microsoft used were about 100 megabytes in size, which is too much to fit in a common MBR.

The entire dossier can be downloaded at http://www.eecs.umich.edu/~pmchen/papers/king06.pdf

