A New Breed of Rootkit
A new breed of rootkits are emerging into the malware scene. The new technique will render the rootkit completely undetectable because absolutely no modifications to the operating system will be necessary. Virtualization is a feature that has been present in x86 chips since the Intel 386 emerged in 1985. Aside from specialized tasks, virtualization has long been used for internal DOS emulation in Windows and used in part by virtual machines like VMWare. Only now, however, are processors fast enough to allow separate instances of virtual processes to operate in such a way as to be imperceptible to users. First demonstrated by the Microsoft engineers that designed the Stryder rootkit detection software, new rootkits are able to run beneath the operating system. The modern processor is fast enough for the host operating system to run as a virtual process of the rootkit host.