The Ultimate Rootkit
March 26th, 2007
It has long been known that, when it comes to rootkits, you cannot trust anything reported by software. So state-of-the-art rootkit detection uses custom-built hardware to get an image of RAM. (Back in “the day,” there were peripherals that took an image of RAM in order to crack software copy protection. The hardware-based rootkit detectors work in a similar manner.) But a security researcher has developed a proof-of-concept rootkit that modifies the image of RAM obtained by these hardware detectors, such that the image is different from what actually resides in physical memory. This is the ultimate in rootkit stealthiness, and I find it to be mind-boggling.