Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 622
  • Last Modified:

Blue Pill - 100% undetectable malware?

Do you think it is true? If yes, does it also apply to Unix/Linux?

http://invisiblethings.org/

'Blue Pill' Prototype Creates 100% Undetectable Malware
A security researcher with expertise in rootkits has created a working prototype of new technology that is capable of creating undetectable malware, ...
www.eweek.com/article2/0,1895,1983037,00.asp
0
simala
Asked:
simala
1 Solution
 
chris_calabreseCommented:
Is it true? Mostly. Blue Pill works by creating running the real OS in a virtual machine layer using the hardware assist hyperviser available on the newest processors. It is detectable, but not by the types of mechanisms typically used today. Mechanisms that might work include pulling the disk and running some kind of malware scan from another (uninfected) machine, looking at network traffic actually coming-from/going-to the infected machine vs what the OS sees, and looking very closely at the relative timings of diffeent operations before and after infection (i.e., some operations will get slowed down a touch by the VM while others wouldn't).

Does it apply to Unix/Linux? Yes. The same principles apply regardless of what the OS being attacked is. Though the rootkit would necessarily need different code to read the filesystem, etc.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now