Showing posts from August 8, 2006

The Blue Pill - 100% undetectable malware

During CodeCon 2006, seven months ago, I first heard about the existence of virtual-machine-based rootkits. I have also been reading about hypervisor technology and about products like Xen, which are trying to build better virtual machine engines. AMD and Intel now officially have hooks in the processor itself to support this. Unlike traditional virtual machines, which "emulate" all the processing within another OS, with this new technology each OS can in fact live alongside the others, talking directly to the processor. But what took me by surprise is that, within the short time all of this has been happening, a new technology called the "Blue Pill" has been demonstrated and discussed in the underground world, which makes use of the virtualization features of the processors to create 100% undetectable malware. Here is an extract from the author's description of Blue Pill:

All the current rootkits and backdoors, which I am aware of, are based on a concept