« Return to Thread: On the Spread of the Capability Approach

Re: Virtual Machine Based Rootkits

by Karp, Alan H

Joanna Rutkowska is the name I've seen associated with this attack,
which is frequently called Blue Pill, from the Matrix.  She has
demonstrated a running version on Vista x64 and is presenting at Black
Hat today.  According to reports, she was able to install the rootkit on
a running system, no reboot required.
http://www.eweek.com/article2/0,1895,1983037,00.asp is a news article on
the subject.

The key point is that you're both right.  You are safer if you use a
virtual machine to run Windows.  However, if your base system gets
infected, virtualizability assures that there is no mechanism by which
the OS can detect the attack.  

_________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
 


_______________________________________________
cap-talk mailing list
cap-talk@...
http://www.eros-os.org/mailman/listinfo/cap-talk
