Blue Pill - 100% undetectable malware?

Posted on 2006-07-01
Last Modified: 2010-04-12
Do you think it is true? If yes, does it also apply to Unix/Linux?

http://invisiblethings.org/

'Blue Pill' Prototype Creates 100% Undetectable Malware
A security researcher with expertise in rootkits has created a working prototype of new technology that is capable of creating undetectable malware, ...
www.eweek.com/article2/0,1895,1983037,00.asp
Question by: simala

Accepted Solution by: chris_calabrese
Is it true? Mostly. Blue Pill works by running the real OS in a virtual machine layer using the hardware-assist hypervisor available on the newest processors. It is detectable, but not by the types of mechanisms typically used today. Mechanisms that might work include pulling the disk and running some kind of malware scan from another (uninfected) machine, looking at network traffic actually coming from/going to the infected machine vs. what the OS sees, and looking very closely at the relative timings of different operations before and after infection (i.e., some operations will get slowed down a touch by the VM while others wouldn't).

Does it apply to Unix/Linux? Yes. The same principles apply regardless of what the OS being attacked is. Though the rootkit would necessarily need different code to read the filesystem, etc.
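The relative-timing check from the accepted answer, as an added example that is not part of the original thread: CPUID always exits to a hypervisor, so its cost jumps after a Blue Pill-style infection, while a plain ALU loop does not, and the CPUID/ALU ratio of a known-good profile can be compared against a later one. The sample counts, the loop length and the `factor` threshold are constructed assumptions, and the measurement needs an x86 build (the comparison logic runs anywhere).

```c
#include <inttypes.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>   /* __rdtsc */
#include <cpuid.h>       /* __get_cpuid */
#define HAVE_X86_TSC 1
#endif
#define SAMPLES 64
/* One timing profile: median TSC ticks for CPUID and for a short ALU loop. */
typedef struct { uint64_t cpuid_ticks; uint64_t alu_ticks; } profile_t;
static uint64_t median_u64(uint64_t *v, int n) {
    for (int i = 1; i < n; i++) {             /* insertion sort; n is small */
        uint64_t x = v[i]; int j = i - 1;
        while (j >= 0 && v[j] > x) { v[j + 1] = v[j]; j--; }
        v[j + 1] = x;
    }
    return v[n / 2];
}
/* Measure on this machine. Returns 0 on non-x86 builds, where there is no data. */
int measure_profile(profile_t *p) {
#ifdef HAVE_X86_TSC
    uint64_t c[SAMPLES], a[SAMPLES];
    unsigned eax, ebx, ecx, edx; volatile uint64_t sink = 0;
    for (int i = 0; i < SAMPLES; i++) {
        uint64_t t0 = __rdtsc();
        __get_cpuid(0, &eax, &ebx, &ecx, &edx);    /* CPUID exits to any hypervisor */
        c[i] = __rdtsc() - t0;
        t0 = __rdtsc();
        for (int k = 0; k < 100; k++) sink += k;   /* plain ALU work never exits */
        a[i] = __rdtsc() - t0;
    }
    p->cpuid_ticks = median_u64(c, SAMPLES);
    p->alu_ticks = median_u64(a, SAMPLES);
    return 1;
#else
    (void)p; return 0;
#endif
}
/* Flag if the CPUID/ALU cost ratio grew by more than `factor` vs a known-good baseline. */
int ratio_grew(const profile_t *b, const profile_t *a, double factor) {
    double r0 = (double)b->cpuid_ticks / (b->alu_ticks ? b->alu_ticks : 1);
    double r1 = (double)a->cpuid_ticks / (a->alu_ticks ? a->alu_ticks : 1);
    return r1 > r0 * factor;   /* factor is a constructed tuning value, not from the page */
}
int main(void) {
    profile_t now; if (!measure_profile(&now)) return 0;   /* nothing to measure off x86 */
    printf("median ticks: cpuid=%" PRIu64 " alu=%" PRIu64 "\n", now.cpuid_ticks, now.alu_ticks);
    return 0;
}
```

Record the printed profile on a machine you trust, store it off-box, and re-run later: a large jump in the CPUID figure with an unchanged ALU figure is the signal the answer describes, while absolute numbers alone vary too much between CPUs to be useful.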