Vitriol Rootkit to Demo at MS BlueHat Hacker Summit

Dino Dai Zovi, a principal at penetration-testing outfit Matasano Security, has been invited to Microsoft's Redmond, Wash., campus to showcase a hardware VM-based rootkit called Vitriol that piggybacks on Intel's VT-x virtualization extension. Zovi, an expert on exploitation techniques, 802.11 wireless attacks and operating system kernel security, will demo the rootkit at the conference, to which select members of the hacking community are invited to brainstorm security issues with Microsoft employees and executives.

The Vitriol presentation is an expansion of a talk given by Zovi at the Black Hat Briefings in Las Vegas in August, and will include a technical explanation of how Intel's VT-x extensions can allow malicious hackers to install a "rootkit hypervisor" that invisibly runs the original operating system in a virtual machine.

Zovi plans to demonstrate how the Vitriol rootkit can migrate a running operating system into a hardware virtual machine on the fly and install itself as a rootkit hypervisor. The malicious code becomes inaccessible to the operating system, maintaining stealth and controlling access to the malware.