?
Solved

Blue Pill - 100% undetectable malware?

Posted on 2006-07-01
1
Medium Priority
?
586 Views
Last Modified: 2010-04-12
Do you think it is true? If yes, does it also apply to Unix/Linux?

http://invisiblethings.org/

'Blue Pill' Prototype Creates 100% Undetectable Malware
A security researcher with expertise in rootkits has created a working prototype of new technology that is capable of creating undetectable malware, ...
www.eweek.com/article2/0,1895,1983037,00.asp
0
Comment
Question by:simala
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 200 total points
ID: 17057867
Is it true? Mostly. Blue Pill works by creating running the real OS in a virtual machine layer using the hardware assist hyperviser available on the newest processors. It is detectable, but not by the types of mechanisms typically used today. Mechanisms that might work include pulling the disk and running some kind of malware scan from another (uninfected) machine, looking at network traffic actually coming-from/going-to the infected machine vs what the OS sees, and looking very closely at the relative timings of diffeent operations before and after infection (i.e., some operations will get slowed down a touch by the VM while others wouldn't).

Does it apply to Unix/Linux? Yes. The same principles apply regardless of what the OS being attacked is. Though the rootkit would necessarily need different code to read the filesystem, etc.
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question