'Blue Pill' Prototype Creates 100% Undetectable Malware
PC Magazine (excerpt) | June 28, 2006 | Ryan Naraine
Posted on 06/28/2006 7:35:03 PM PDT by HAL9000
Excerpt -
A security researcher with expertise in rootkits has created a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems. Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD's SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system.
Rutkowska plans to discuss the idea and demonstrate a working prototype for Windows Vista x64 at the SyScan Conference in Singapore on July 21 and at the Black Hat Briefings in Las Vegas on August 3.
The Black Hat presentation will occur on the same day Microsoft is scheduled to show off some of the key security features and functionality being fitted into Vista.
Rutkowska said the presentation will deal with a "generic method" of inserting arbitrary code into the Vista Beta 2 kernel (x64 edition) without relying on any implementation bug.
~ snip ~
(Excerpt) Read more at news.yahoo.com ...
KEYWORDS: blackhats; bluepill; coseinc; hackers; hypervisor; lowqualitycrap; malware; microsoft; rootkit; rootkits; spyware; stealth; stealthmalware; virus; viruses; vista; windows; windowsvista; worm; worms
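The article calls the prototype "100 percent undetectable" because a thin SVM hypervisor never exposes itself to the OS it hosts. The usual practitioner answer is that the hypervisor still has to intercept certain instructions, and interception costs time. The C program below is added here as a worked example; it is not from the article, the thread, or Rutkowska's Blue Pill code. It probes for a hidden hypervisor from user mode in two ways: it reads the CPUID "hypervisor present" bit (CPUID.1:ECX[31]), which a cooperative hypervisor sets and a stealth one simply leaves clear, and it times CPUID against an empty RDTSC window, because under AMD SVM and Intel VT-x every guest CPUID causes a VM exit. The sample count and the 1000-cycle decision threshold are assumptions for illustration, as is the name of every function. One caveat belongs with it: SVM lets a hypervisor apply a TSC offset to what RDTSC returns, so a careful hypervisor can hide the exit cost, and a more robust check times the same loop against a clock the hypervisor does not control (a network peer, or a wall clock read outside the machine).

```c
/*
 * Added example, not from the page or from Blue Pill itself: two
 * user-mode probes for a hypervisor sitting under the running OS.
 *
 *  1. CPUID.1:ECX[31], the "hypervisor present" bit. Cooperative
 *     hypervisors set it; a stealth one leaves it clear, so a clear
 *     bit is not evidence of absence.
 *  2. Latency of CPUID. Under AMD SVM and Intel VT-x every CPUID in
 *     the guest causes a VM exit, so it costs far more cycles than on
 *     bare metal. The threshold used below is an assumption.
 *
 * Caveat: the hypervisor can apply a TSC offset, so RDTSC-based timing
 * can be defeated; an external clock is the robust reference.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <x86intrin.h>

/* 1 if CPUID.1:ECX[31] is set, 0 if clear. */
int cpuid_hypervisor_bit(void)
{
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    (void)eax; (void)ebx; (void)edx;
    return (ecx >> 31) & 1;
}

/* Cycles for one CPUID (unconditionally intercepted under SVM/VT-x). */
uint64_t cycles_cpuid(void)
{
    unsigned int a, b, c, d;
    uint64_t t0 = __rdtsc();
    __cpuid(0, a, b, c, d);
    uint64_t t1 = __rdtsc();
    (void)a; (void)b; (void)c; (void)d;
    return t1 - t0;
}

/* Cycles for an empty window: the RDTSC pair alone, nothing trapped. */
uint64_t cycles_baseline(void)
{
    uint64_t t0 = __rdtsc();
    __asm__ __volatile__("" ::: "memory");
    uint64_t t1 = __rdtsc();
    return t1 - t0;
}
#else
/* Non-x86 build: the probes do not exist; report that explicitly. */
int cpuid_hypervisor_bit(void) { return -1; }
uint64_t cycles_cpuid(void) { return 0; }
uint64_t cycles_baseline(void) { return 0; }
#endif

static int cmp_u64(const void *pa, const void *pb)
{
    uint64_t a = *(const uint64_t *)pa, b = *(const uint64_t *)pb;
    return (a > b) - (a < b);
}

/* Median of n samples (sorts v in place). The median resists interrupt
 * and scheduling noise better than the mean or the minimum. */
uint64_t median_u64(uint64_t *v, size_t n)
{
    if (n == 0)
        return 0;
    qsort(v, n, sizeof *v, cmp_u64);
    return v[n / 2];
}

/* Decision rule: CPUID is "trapped" if its median latency exceeds the
 * empty window by more than threshold_cycles. A native CPUID costs on
 * the order of a few hundred cycles; a VM exit round trip adds well
 * over that, so 1000 extra cycles is an assumed, conservative margin. */
int cpuid_looks_trapped(uint64_t median_cpuid, uint64_t median_baseline,
                        uint64_t threshold_cycles)
{
    return median_cpuid > median_baseline + threshold_cycles;
}

#define PROBE_SAMPLES 512   /* assumed sample count */

/* Run a timing probe PROBE_SAMPLES times and return the median. */
uint64_t probe_median(uint64_t (*probe)(void))
{
    uint64_t v[PROBE_SAMPLES];
    for (size_t i = 0; i < PROBE_SAMPLES; i++)
        v[i] = probe();
    return median_u64(v, PROBE_SAMPLES);
}

int main(void)
{
    int hv = cpuid_hypervisor_bit();
    uint64_t base = probe_median(cycles_baseline);
    uint64_t cp = probe_median(cycles_cpuid);
    printf("CPUID.1:ECX[31] hypervisor bit: %d\n", hv);
    printf("median empty window: %llu cycles, median CPUID: %llu cycles\n",
           (unsigned long long)base, (unsigned long long)cp);
    printf("CPUID looks trapped: %s\n",
           cpuid_looks_trapped(cp, base, 1000) ? "yes" : "no");
    return 0;
}
```

Run it on bare metal and again inside any VM to see the two readings diverge; a stealth hypervisor that leaves the CPUID bit clear still shows up in the second number unless it also manipulates the TSC, which is exactly why the thread's "100 percent undetectable" claim was argued over timing rather than over signatures.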
To: Swordmaker
"Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD's SVM/Pacifica virtualization technology..."
I think that Rutkowska may be referring to Linux and BSD running on AMD chips. Unless Intel is using this AMD virtualization technology it appears that Macs may escape.
To: John Valentine
"I think that Rutkowska may be referring to Linux and BSD running on AMD chips. Unless Intel is using this AMD virtualization technology it appears that Macs may escape."
That's why the PING! said "...could..." The new Intel Core processors also have a virtualization layer... it may just be time or secrecy that keeps us from knowing about a rootkit that will work on it.
22 posted on 06/28/2006 10:10:22 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!")
To: Swordmaker
Love my G4 Mac(s) even more now.
23 posted on 06/29/2006 12:07:56 AM PDT by mhx
To: Perdogg
Without a virus, there'd be no need to buy an antivirus.
Sounds like a perfect self-perpetuating business plan to me......:]
24 posted on 06/29/2006 3:23:15 AM PDT by Salamander (And don't forget my Dog; fixed and consequent)
To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...
25 posted on 06/29/2006 5:36:47 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
To: Theo
But at least it doesn't take up so much HD space as the old stupid-fat and bloated subhypervisors.
If women would just start having sex with these virus-writing geeks, all this crap would come to a grinding stop.
26 posted on 06/29/2006 6:01:02 AM PDT by postaldave (McCain & Bush, you traitorous !#!$!!s. You two are no different than Ted Kennedy.)
To: HAL9000
Damn scary stuff. I believe I had a run-in with something similar last year.
I won in the end, but it was a tough fight.
27 posted on 06/29/2006 6:19:33 AM PDT by KoRn
To: Swordmaker
"FreeBSD (OS X) could be vulnerable"
I don't think so. Apparently, this relies on AMD processors. Even if Intel adds this kind of virtualization technology to their processors, this particular exploit probably wouldn't work.
28 posted on 06/29/2006 6:20:16 AM PDT by DesScorp
To: HAL9000
Sounds to me like a hardware based back door. Shame on AMD.
29 posted on 06/29/2006 6:23:40 AM PDT by beef (Who Killed Kennewick Man?)
To: Theo
"You got a problem with my ultra-thin hypervisor, punk??"
30 posted on 06/29/2006 8:38:11 AM PDT by Turbopilot (iumop ap!sdn w,I 'aw dlaH)
To: InMemoriam
If this is stored on the hard drive, boot from a CD, and find it sitting unexecuted on the hard drive.
A *really* good one should first try to write extra instructions to the firmware in your PC, to thwart this sort of detection later.
To: beezdotcom
"A *really* good bad one should first try to write extra instructions to the firmware in your PC, to thwart this sort of detection later."
There, fixed it for you.
32 posted on 06/29/2006 9:40:47 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!")
To: postaldave
"If women would just start having sex with these virus-writing geeks, all this crap would come to a grinding stop."
ROTF!!
33 posted on 06/29/2006 10:45:07 AM PDT by rzeznikj at stout (ASCII and ye shall receive... (Computers 3:14))