Thursday, June 29, 2006

'Blue Pill' Prototype Creates 100% Undetectable Malware

Joanna Rutkowska, a security researcher at the Singapore-based IT security firm COSEINC, has built a working prototype of a technique that uses AMD's Pacifica virtualization extensions to create malware she claims is undetectable, even on Windows Vista x64 systems. According to the report, the technique can be used to insert arbitrary code into the Vista Beta 2 kernel without relying on any implementation bug.

The technique effectively bypasses a crucial anti-rootkit policy change coming in Windows Vista that requires kernel-mode software to have a digital signature to load on x64-based systems.

Frightening, isn't it? But wait, it gets better:

Now, Rutkowska is pushing the envelope even more, arguing that the only way Blue Pill can be detected is if AMD's Pacifica technology is flawed.

Great, just what we need, undetectable malware.

The prototype will be demonstrated at the SyScan Conference in Singapore on July 21 and at the Black Hat Briefings in Las Vegas on Aug. 3.

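The detectability argument above turns on one fact about hardware virtualization: a hypervisor that wants to hide itself (for example by clearing the SVM feature bit a guest would otherwise see) has to intercept the CPUID instruction, and every intercept costs a world switch. The program below, an added example that is not code from the original post or from Rutkowska's Blue Pill work, times CPUID with RDTSC and reports whether the cheapest observed run is far more expensive than a native CPUID should be. The threshold of 1000 TSC ticks and the trial count are assumptions for illustration and must be calibrated on known-clean hardware; the function names are ours.

```c
#include <stdint.h>
#include <stdio.h>

/* Number of timed CPUID executions. The minimum over the run is kept so that
 * interrupts and scheduler noise inflate individual samples but not the result. */
#define CPUID_TRIALS 2000

/* Assumed threshold, in TSC ticks. An un-intercepted CPUID costs on the order of
 * 100-300 cycles on modern x86; a #VMEXIT/#VMRUN round trip costs thousands.
 * This value is an illustration, not a measured constant: calibrate it first. */
#define VMEXIT_CYCLE_THRESHOLD 1000

#if defined(__x86_64__)
static inline uint64_t read_tsc(void)
{
    uint32_t lo, hi;
    __asm__ __volatile__("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}

static inline void run_cpuid(uint32_t leaf, uint32_t regs[4])
{
    __asm__ __volatile__("cpuid"
                         : "=a"(regs[0]), "=b"(regs[1]), "=c"(regs[2]), "=d"(regs[3])
                         : "a"(leaf), "c"(0));
}

int x86_timing_supported(void) { return 1; }

/* Smallest TSC delta observed around a CPUID over `trials` runs. */
uint64_t min_cpuid_cycles(int trials)
{
    uint64_t best = UINT64_MAX;
    uint32_t regs[4];
    for (int i = 0; i < trials; i++) {
        uint64_t t0 = read_tsc();
        run_cpuid(0, regs);
        uint64_t t1 = read_tsc();
        if (t1 - t0 < best)
            best = t1 - t0;
    }
    return best;
}

/* CPUID.1:ECX[31] is the "hypervisor present" bit that cooperative VMMs set.
 * A stealth hypervisor that intercepts CPUID simply leaves it clear, which is
 * why this bit alone says nothing about Blue Pill-style code. */
int hypervisor_bit_set(void)
{
    uint32_t regs[4];
    run_cpuid(1, regs);
    return (regs[2] >> 31) & 1;
}
#else
/* Non-x86-64 build: the measurement is meaningless, report "unsupported". */
int x86_timing_supported(void) { return 0; }
uint64_t min_cpuid_cycles(int trials) { (void)trials; return 0; }
int hypervisor_bit_set(void) { return 0; }
#endif

/* Pure decision step, kept separate so it can be checked without hardware. */
int cpuid_looks_intercepted(uint64_t min_cycles)
{
    return min_cycles > VMEXIT_CYCLE_THRESHOLD;
}

int main(void)
{
    if (!x86_timing_supported()) {
        puts("not an x86-64 build; nothing to measure");
        return 0;
    }
    uint64_t cycles = min_cpuid_cycles(CPUID_TRIALS);
    printf("min CPUID cost: %llu TSC ticks\n", (unsigned long long)cycles);
    printf("CPUID.1:ECX[31] hypervisor bit: %d\n", hypervisor_bit_set());
    printf("verdict: %s\n", cpuid_looks_intercepted(cycles)
                                ? "CPUID appears to trap to a VMM"
                                : "no CPUID trap visible in timing");
    return 0;
}
```

Run it on bare metal and inside any ordinary VM and the minimum CPUID cost differs by an order of magnitude or more. The caveat is the one the post's argument hinges on: SVM lets the hypervisor apply a TSC offset and intercept RDTSC as well, so a hypervisor that goes to the trouble can shrink this gap, which is why the heuristic is evidence rather than proof and why a trustworthy external time source matters.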


  • while it is new and quite interesting, it's not undetectable... it can't be undetectable as that would mean that the stealth mechanism that protects it from discovery is perfect and we already know there can be no perfect protection...

    it may not be detectable by current products/techniques, but there is always a way...

    By Blogger kurt wismer, at 10:14 AM  

  • I agree with you completely; the guy who's going to make a demo of the exploit has yet to prove all of this...

    We'll probably see some additional development on this story in the next few weeks...

    By Blogger Kiltak, at 2:28 PM  

