Anti HVM rootkit?
deadc...@gmail.com
to me though that it's possible to use the same technique to prevent
this type of rootkit. Specifically, an HVM with the sole purpose of
maintaining itself as the only HVM on the machine. (I hope I got the
general idea across as I'm not sure I'm using the correct terminology.)
Has anyone heard of research on this sort of thing? Is this even
plausible?
4Q
You need to ask Kurt Wismer, he knows everything about r00tkits!
I read his r00tkit page and thought "WHAT A FUCKING GENIUS!!!"
Blue/Red/Green/Yellow pill r00tkit's stand no chance with that kid
around!
;]]
4Q
kurt wismer
why yes, i've heard of that idea before
http://anti-virus-rants.blogspot.com/2006/06/blue-pill-is-hard-to-swallow.html
i believe some people like to call this the highlander defense (because
apparently with hypervisors there can be only one)... and i believe even
joanna rutkowska has acknowledged this possibility (this is prevention
and she's always billed the blue pill as being 100% immune to
*detection*, not prevention)...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
LDH
One of your friends, Kurt?
Good to see one of the 'old-timers' stil around!
-30-
kurt wismer
>> You need to ask Kurt Wismer, he knows everything about r00tkits!
>> I read his r00tkit page and thought "WHAT A FUCKING GENIUS!!!"
>>
>> Blue/Red/Green/Yellow pill r00tkit's stand no chance with that kid
>> around!
>>
>> ;]]
>>
>> 4Q
>
> One of your friends, Kurt?
no, i'm pretty sure the above falls under the heading of sarcasm... this
has been going on ever since i offended him by saying he was behaving
like a poseur (just behaving, mind you, i never said he really was one)...
> Good to see one of the 'old-timers' stil around!
there's more than one, larry (assuming you're the ldh i think you
are)... actually, i'm surprised you don't recognize 4q, he's been around
for some time also, though i suppose he didn't make the same kind of
impression in the past as he does now...
of course, it's david lipman who's really making impressions these days...
4Q
> LDH wrote:
> > On 5 Jan 2007 22:23:46 -0800, "4Q" <paul...@hushmail.com> wrote:
> [snip]
> >> You need to ask Kurt Wismer, he knows everything about r00tkits!
> >> I read his r00tkit page and thought "WHAT A FUCKING GENIUS!!!"
> >>
> >> Blue/Red/Green/Yellow pill r00tkit's stand no chance with that kid
> >> around!
> >>
> >> ;]]
> >>
> >> 4Q
> >
> > One of your friends, Kurt?
>
> no, i'm pretty sure the above falls under the heading of sarcasm... this
> has been going on ever since i offended him by saying he was behaving
> like a poseur (just behaving, mind you, i never said he really was one)...
Kurt I've always had you in my sights (just cus you are a regular
ACV character, good or bad). I just haven't got around to including
you into the 4Q site yet. ;]]
>
> > Good to see one of the 'old-timers' stil around!
>
> there's more than one, larry (assuming you're the ldh i think you
> are)... actually, i'm surprised you don't recognize 4q, he's been around
> for some time also, though i suppose he didn't make the same kind of
> impression in the past as he does now...
*hmmm* Strange that Larry doesn't remember me, he bought an
illegal bootleg video tape from me several years ago.
http://groups.google.com/group/alt.comp.virus/msg/4991dea9fe8e82ba?dmode=source
:)))
>
> of course, it's david lipman who's really making impressions these days...
>
Yeah Lipman is da AV man now. Checkout this AV publicity shot
as he poses as the 'Winged AV avenger'.
http://fourq.host.sk/img/dhl.jpg
However you may be more familiar with David out of costume
in this photo.
http://fourq.host.sk/img/dhl2.jpg
4Q
LDH
I remember you. I assume this is more of your 'humor' since the
reference doesn't refer to my actually buying anything from you, let
alone an 'illegal bootleg video tape'.
-30-
James Egan
On Mon, 08 Jan 2007 09:41:23 -0500, LDH <cyber...@copper.net> wrote:
>the
>reference doesn't refer to my actually buying anything from you, let
>alone an 'illegal bootleg video tape'.
A mere quibble.
Laura Fredericks
Hash: SHA1
On 7 Jan 2007 23:31:56 -0800, "4Q" <paul...@hushmail.com> wrote in
post:
>However you may be more familiar with David out of costume
>in this photo.
>http://fourq.host.sk/img/dhl2.jpg
Hey! Where's my credit for uh, "finding" that glorious photo?! ;-)
(Larry's back? Oh, joy! :-/ I need his pic in the acv photo gallery!)
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBRaP5p6RseRzHUwOaEQKN5gCeOoAbnjX/6yZlKGBT+xTWvZiF8s8An0U0
OnmUBX5WpAECPdhLffRa0p3C
=9l4B
-----END PGP SIGNATURE-----
--
Laura Fredericks
4Q's "wicked evil bitch of satire, parody, humor and trollism"
PGP key ID - DH/DSS 2048/1024: 0xC753039A
alt.comp.virus photo gallery:
http://www.queenofcyberspace.com/acvgallery/
usenet flamewars:
http://www.queenofcyberspace.com/usenet/
Remove CLOTHES to reply.
4Q
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 7 Jan 2007 23:31:56 -0800, "4Q" <paul...@hushmail.com> wrote in
> post:
> >However you may be more familiar with David out of costume
> >in this photo.
> >http://fourq.host.sk/img/dhl2.jpg
>
> Hey! Where's my credit for uh, "finding" that glorious photo?! ;-)
Credit due for Laura. But let's not forget you would never have
"finding that glorious photo" if I won't have beena finding the
Lipman 'Winged AV Avenger' photo in the first place ;]]
>
> (Larry's back? Oh, joy! :-/ I need his pic in the acv photo gallery!)
Don't worry I be a finding his photo *wink* *hahaha*
I think I spotted it a while back, a sneaky looking type
in a dirty old mac grabbing an illegal video tapes pushed
out from the blackenedd out windows of a BMW. (midnight delivery)
http://fourq.host.sk/img/meaner_than_catpiss.jpg
4Q
LDH
<anon...@CLOTHEShotmail.com> wrote:
[snip]
>
>(Larry's back? Oh, joy! :-/ I need his pic in the acv photo gallery!)
>
Greetings, Queen Of Cyberspace. No photo available - all cameras
broke.
-30-
Laura Fredericks
Hash: SHA1
On 10 Jan 2007 03:58:03 -0800, "4Q" <paul...@hushmail.com> wrote in
post:
>Laura Fredericks wrote:
>>Hey! Where's my credit for uh, "finding" that glorious photo?! ;-)
>
>Credit due for Laura. But let's not forget you would never have
>"finding that glorious photo" if I won't have beena finding the
>Lipman 'Winged AV Avenger' photo in the first place ;]]
I was trying to protect you from DHL finding out that you sent me the
original! And now you go and admit it on usenet! You just busted
yourself, 4Q. ;-)
Anyway, it was indeed me that uh, "found" the version sans wings but
with the motorcycle jacket. (Perhaps they're folded under the
jacket?)
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBRaWTkKRseRzHUwOaEQI4eQCeLYp+vOijswJ1ZDzSpqXDwhRwQ4oAnAsD
aGs3+8fzarmLaK1zCaZd4+CN
=+1Fy
Laura Fredericks
Hash: SHA1
On Wed, 10 Jan 2007 17:12:04 -0800, LDH <cyber...@copper.net> wrote
in post:
>Greetings, Queen Of Cyberspace. No photo available - all cameras
>broke.
Guess I'll have to use a Larry DeHaan-replica. Shouldn't be too hard
to find one on the interweb. ;-)
To those newbies not familiar with Mr. DeHaan, here's how av-industry
and acv legend Rodzilla referred to him in his "acv hall of fame":
"Larry De Haan: A wannabee John Allen Muhammad."
(Whoops. Did I say Rod wrote the acv hall of fame? Heh. He still
swears it wasn't him.)
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBRaWVNaRseRzHUwOaEQILTACgzP5jlYEESvAC6utHjgxBcOOmFmsAoICb
BePMJNgpPZAFL9AwLUhoEJzY
=UIhL
LDH
<anon...@CLOTHEShotmail.com> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Wed, 10 Jan 2007 17:12:04 -0800, LDH <cyber...@copper.net> wrote
>in post:
>>Greetings, Queen Of Cyberspace. No photo available - all cameras
>>broke.
>
>Guess I'll have to use a Larry DeHaan-replica. Shouldn't be too hard
>to find one on the interweb. ;-)
>
>To those newbies not familiar with Mr. DeHaan, here's how av-industry
>and acv legend Rodzilla referred to him in his "acv hall of fame":
>
>"Larry De Haan: A wannabee John Allen Muhammad."
>
Of course, that's like saying " Laura Fredericks: Hobby Psychologist"
Neither reference makes any sense.
Last time I heard, Rod Fewster was called 'Noddy Roddy'.
-30-
Laura Fredericks
Hash: SHA1
On Wed, 10 Jan 2007 17:44:39 -0800, LDH <cyber...@copper.net> wrote
in post:
>On Thu, 11 Jan 2007 01:39:15 GMT, Laura Fredericks wrote:
>>To those newbies not familiar with Mr. DeHaan, here's how
>>av-industry and acv legend Rodzilla referred to him in his "acv
>>hall of fame":
>>
>>"Larry De Haan: A wannabee John Allen Muhammad."
>
>Of course, that's like saying " Laura Fredericks: Hobby
>Psychologist" Neither reference makes any sense.
But IT DOES make sense. I *am* a hobby psychologist! (You remembered,
aww!) And Rod (or whoever, heh) thinks of you as a serial sniper.
>Last time I heard, Rod Fewster was called 'Noddy Roddy'.
4Q says it's really DAV, lol.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBRaWe2aRseRzHUwOaEQJEKgCgtHSdXX+hnotf1QVvImqKvJK4yWcAnjX/
NULZm6f0fhhVVl/RNIr8ihUC
=RpwK
4Q
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10 Jan 2007 03:58:03 -0800, "4Q" <paul...@hushmail.com> wrote in
> post:
> >Laura Fredericks wrote:
> >>Hey! Where's my credit for uh, "finding" that glorious photo?! ;-)
> >
> >Credit due for Laura. But let's not forget you would never have
> >"finding that glorious photo" if I won't have beena finding the
> >Lipman 'Winged AV Avenger' photo in the first place ;]]
>
> I was trying to protect you from DHL finding out that you sent me the
> original! And now you go and admit it on usenet! You just busted
> yourself, 4Q. ;-)
I appreciate that you are trying to protect me, that's what mates
are for. :)) Yeah *I* busted myself! *fuck-a-duck* I'm finished
now everyone is going to realise that all that naughty stuff going
on in the background is all down to *me* Sorry everyone I can't
help it!!! Luckily (for you) I'm not 'king of the world' I'd be
worse than 'Ming the Merciless' rule my plebs with the cruel
iron fist of fear.
<snip>
> with the motorcycle jacket. (Perhaps they're folded under the
> jacket?)
*HAHAHAHAHA* Like Superman's hidden attire. Jumps into a phone
box to change into his costume.
4Q (busted)
Laura Fredericks
Hash: SHA1
On 10 Jan 2007 20:00:19 -0800, "4Q" <paul...@hushmail.com> wrote in
post:
>Yeah *I* busted myself! *fuck-a-duck* I'm finished now everyone is
>going to realise that all that naughty stuff going on in the
>background is all down to *me*
So *you're* DAV!
And *you* wrote the "acv hall of fame"!
And it was *you* who chased Dimbulb, Dickhead, Tracker and Pax off
acv!
>Luckily (for you) I'm not 'king of the world' I'd be worse than
>'Ming the Merciless' rule my plebs with the cruel iron fist of fear.
>
But *I'm* Queen of Cyberspace! ;-)
>...Like Superman's hidden attire. Jumps into a phone box to change
>into his costume.
We don't have phone booths anymore. At least not in NYC. I can't
remember when I last saw one.
Perhaps he uses one of those new-fangled public toilets in Times
Square!
http://www.usatoday.com/news/nation/2006-11-21-charmin_x.htm
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBRaXQaqRseRzHUwOaEQKp/wCfaOllLUTSEn3ABZbcOqAZT/2wcVcAoN/O
jyXpRcZjConChI26DtrwCKoL
=k83l
4Q
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10 Jan 2007 20:00:19 -0800, "4Q" <paul...@hushmail.com> wrote in
> post:
> >Yeah *I* busted myself! *fuck-a-duck* I'm finished now everyone is
> >going to realise that all that naughty stuff going on in the
> >background is all down to *me*
>
> So *you're* DAV!
No! I am 'DAVQ' the real DAV (aka ZDAV) said so just recently.
Or was it my socking up *grin*
>
> And *you* wrote the "acv hall of fame"!
>
> And it was *you* who chased Dimbulb, Dickhead, Tracker and Pax off
> acv!
*look of guilt* Sorry... Please all of you come back!
>
> >Luckily (for you) I'm not 'king of the world' I'd be worse than
> >'Ming the Merciless' rule my plebs with the cruel iron fist of fear.
> >
>
> But *I'm* Queen of Cyberspace! ;-)
>
> >...Like Superman's hidden attire. Jumps into a phone box to change
> >into his costume.
>
> We don't have phone booths anymore. At least not in NYC. I can't
> remember when I last saw one.
Mobile phones have killed Superdude's favorite hiddie-hole,
he's been reduced to hanging around toilets looking like a
seedy lurker! (perhaps Larry has spotted him)
4Q