Malware will not be detected
A rootkit security researcher has successfully developed a prototype of a new technology that allows the creation of "100% invisible" malware, even for x64 systems like Windows Vista.
Joanna Rutkowska - an expert in "hidden" malware technology at Singapore-based security firm COSEINC - said the new technology Blue Pill using AMD's virtualization technology could help. create a very small software that is capable of controlling the entire operating system. It cannot be detected.
Rutkowska plans to show off his new idea at the SyScan Conference to be held in Singapore later this July and at the Black Hat Conference in the US in early August.
The idea is not new
Rutkowska has revealed that the new technology relies on a "generic method" dynamic solution to insert some binaries into the Vista kernel Beta 2 (x64 edition) without generating any errors. This technique has helped to overcome the changes in Windows Vista's anti-rootkit policy.
The idea of a virtual machine rootkit is not new. Microsoft and Michigan University researchers created a rootkit based on virtual machine technology called SubVirt. This is a rootkit that cannot be detected because security software cannot access its status.
Now, Rutkowska continues to develop this technology. However, the expert also confirmed that Blue Pill could be detected if AMD's Pacifica technology failed.
Where does the power come from?
" The power of Blue Pill is due to SVM technology ," explained Rutkowska. If the "generic" detection capability is added to virtual machine technology, Blue Pill will lose its invisible capabilities. But this only makes sense when AMD's Pacifica technology fails.
" On the other hand, if you cannot add generic detection techniques to SVM on a virtual machine platform, you will never be able to detect Blue Pill ."
"The idea of Blue Pill is very simple: Your operating system swallowed a Blue Pill and it will work in a Matrix controlled by a tiny Hypervisor Blue Pill. This happens directly when operating system, does not affect other devices . "
Rutkowska also emphasized that Blue Pill is not based on any errors that exist in the operating system. Blue Pill technology will be proprietary to COSEINC Research and will not be publicly available. But Rutkowska said her company also plans to organize training on the new technology and will reveal the technology source in such training courses.
Hoang Dung
- Welcome Vista with malware
- 5 things you need to do immediately to prevent WannaCry malware
- Chinese malware aimed at passwords
- EMCO Malware Destroyer -
- Sneaking malware on the Internet
- The biggest security threats in 2007
- Detecting malware on Android specializes in stealing 'virtual money'
- Not only blackmail, WannaCry malicious code can be deadly
- Malware 'bite back' security website
- Iframe software keeps 'champion' on malicious
- Bi.a threatens both Windows and Linux
- The numbers startle about destructive software