Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Blue Pill - 100% undetectable malware?

Posted on 2006-07-01
1
545 Views
Last Modified: 2010-04-12
Do you think it is true? If yes, does it also apply to Unix/Linux?

http://invisiblethings.org/

'Blue Pill' Prototype Creates 100% Undetectable Malware
A security researcher with expertise in rootkits has created a working prototype of new technology that is capable of creating undetectable malware, ...
www.eweek.com/article2/0,1895,1983037,00.asp
0
Comment
Question by:simala
1 Comment
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 50 total points
ID: 17057867
Is it true? Mostly. Blue Pill works by creating running the real OS in a virtual machine layer using the hardware assist hyperviser available on the newest processors. It is detectable, but not by the types of mechanisms typically used today. Mechanisms that might work include pulling the disk and running some kind of malware scan from another (uninfected) machine, looking at network traffic actually coming-from/going-to the infected machine vs what the OS sees, and looking very closely at the relative timings of diffeent operations before and after infection (i.e., some operations will get slowed down a touch by the VM while others wouldn't).

Does it apply to Unix/Linux? Yes. The same principles apply regardless of what the OS being attacked is. Though the rootkit would necessarily need different code to read the filesystem, etc.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question