'Blue Pill' Prototype Creates 100% Undetectable Malware
Joanna Rutkowska, a security researcher at Singapore-based IT security firm COSEINC, has created a working prototype of a new technology capable of producing undetectable malware using AMD's Pacifica virtualization platform, even on Windows Vista x64 systems. Apparently, this technology can be used to easily insert arbitrary code into the Vista Beta 2 kernel without relying on any implementation bug.
The technique effectively bypasses a crucial anti-rootkit policy change coming in Windows Vista that requires kernel-mode software to have a digital signature to load on x64-based systems.
Frightening, isn't it? But wait, it gets better:
Now, Rutkowska is pushing the envelope even more, arguing that the only way Blue Pill can be detected is if AMD's Pacifica technology is flawed.
Great, just what we need, undetectable malware.
The prototype will be demonstrated at the SyScan Conference in Singapore on July 21 and at the Black Hat Briefings in Las Vegas on Aug. 3.