Solved

Blue Pill - 100% undetectable malware?

Posted on 2006-07-01
1
571 Views
Last Modified: 2010-04-12
Do you think it is true? If yes, does it also apply to Unix/Linux?

http://invisiblethings.org/

'Blue Pill' Prototype Creates 100% Undetectable Malware
A security researcher with expertise in rootkits has created a working prototype of new technology that is capable of creating undetectable malware, ...
www.eweek.com/article2/0,1895,1983037,00.asp
0
Comment
Question by:simala
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 50 total points
ID: 17057867
Is it true? Mostly. Blue Pill works by creating running the real OS in a virtual machine layer using the hardware assist hyperviser available on the newest processors. It is detectable, but not by the types of mechanisms typically used today. Mechanisms that might work include pulling the disk and running some kind of malware scan from another (uninfected) machine, looking at network traffic actually coming-from/going-to the infected machine vs what the OS sees, and looking very closely at the relative timings of diffeent operations before and after infection (i.e., some operations will get slowed down a touch by the VM while others wouldn't).

Does it apply to Unix/Linux? Yes. The same principles apply regardless of what the OS being attacked is. Though the rootkit would necessarily need different code to read the filesystem, etc.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question