On 20 September 2015 at 05:58, John Foust <jfo...@threedee.com> wrote:
> Someone's demonstrated you can hide in the firmware of hard drives.

And access the hypervisor layer of an OS in various ways from programs executing inside a VM.

So, for instance, much malware self-inactivates if it detects that it's running inside a guest instance, so that anti-malware investigators cannot examine its behaviour.

What is now being investigated (doubtless by both sides) is malware that can inject code into the hypervisor from within a guest. Once you've reached x86-64 Ring -1, then you're a god, you can do anything you like to any VM and no anti-malware in the VMs can prevent it.

There is also research into using the increasingly industry-standard remote-management features in core chipsets to hide or distribute malware, again out of reach of any OS-level task.

And there is the very controversial claim of malware that could transmit itself from machine to machine using speakers and microphone.

It's a jungle out there, with all that that implies about parasitism, zombieism, concealment and stealth and creepy disgusting infections that hide for a lifetime then apparently explode out of nowhere.

--
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lpro...@cix.co.uk • GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lpro...@hotmail.com • Skype/AIM/Yahoo/LinkedIn: liamproven
Cell/Mobiles: +44 7939-087884 (UK) • +420 702 829 053 (ČR)