Blue Pill A Threat To Vista X64
David Utter Staff Writer
2006-06-29
Hypervisor technology will allow a prototype malware rootkit to take control of a system and do so in a way that even advanced Windows x64 systems will not be able to detect.
The eWeek report on the "Blue Pill" developed in Singapore said the software uses virtualization technology developed by AMD to accomplish its undetectable takeover of an operating system.
COSEINC, a security firm based in Singapore, employs researcher and rootkit expert Joanna Rutkowska, the developer of the Blue Pill. She will discuss her findings at a Windows 64 conference there in July, and at the Black Hat Briefings in Las Vegas in August.
Her Las Vegas appearance may be as controversial as Michael Lynn's Cisco discussion, which had Cisco's lawyers on high alert. If one researcher can create an undetectable rootkit, eventually others will as well.
"The strength of the Blue Pill is based on the (AMD SVM/Pacifica) technology," eWeek cited Rutkowska explaining on her Invisible Things blog. She contends that if generic detection could be written for the virtual machine technology, then Blue Pill could be detected, but that would also mean that Pacifica is "buggy."
"I would like to make it clear, that the Blue Pill technology does not rely on any bug of the underlying operating system. I have implemented a working prototype for Vista x64, but I see no reasons why it should not be possible to port it to other operating systems, like Linux or BSD which can be run on x64 platform," she also wrote of the Blue Pill.
---
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.