On 20 September 2015 at 05:58, John Foust <jfoust at threedee.com> wrote:
> Someone's demonstrated you can hide in the
> firmware of hard drives.

And access the hypervisor layer of an OS in various ways from programs
executing inside a VM.

So, for instance, much malware self-inactivates if it detects that
it's running inside a guest instance, so that anti-malware
investigators cannot examine its behaviour.

What is now being investigated (doubtless by both sides) is malware
that can inject code into the hypervisor from within a guest. Once
you've reached x86-64 Ring -1, then you're a god, you can do anything
you like to any VM and no anti-malware in the VMs can prevent it.

There is also research into using the increasingly industry-standard
remote-management features in core chipsets to hide or distribute
malware, again out of reach of any OS-level task.

And there is the very controversial claim of malware that could
transmit itself from machine to machine using speakers and microphone.

It's a jungle out there, with all that that implies about parasitism,
zombieism, concealment and stealth and creepy disgusting infections
that hide for a lifetime then apparently explode out of nowhere.

--
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lproven at cix.co.uk • GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lproven at hotmail.com • Skype/AIM/Yahoo/LinkedIn: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)