Considerations about Virtual Machine Based Rootkits

In her BlackHat presentation, Johanna Rutkowska describes a new kind of rootkit: the Virtual Machine Based Rootkit (VMBR). The user's operating system is moved into a virtual machine, which puts the rootkit out of the reach of rootkit detection. Well, perhaps this method of masking the rootkit is the solution to the problem as well. Perhaps we need a VM layer that observes and controls the operating system and denies every attempt to create a new virtual machine. That would put the rootkit detection out of the reach of the exploit.