Rootkits that use virtualization techniques should not present detection problems, according to researchers from Carnegie Mellon and Stanford universities in the US. Working with virtualization technology vendors VMware and XenSource, the researchers produced a study called Compatibility is not transparency: VMM detection myths and realities. In the study the researchers claimed that rootkits could not use hypervisor technology to remain undetected on a system.

http://news.zdnet.co.uk/security/0,1000000189,39289762,00.htm

Urs