Challenge Blue Pill

Posted by Virus Bulletin on Jul 1, 2007

Researcher challenged to prove 100% undetectable rootkit claim.

Joanna Rutkowska, the security researcher who last year claimed that she could create 100% undetectable malware, has been challenged by fellow researchers to prove it. Rutkowska made the claims about her Blue Pill rootkit technology at last year's Black Hat conference. However, Thomas Ptacek, Nate Lawson and Peter Ferrie - who will be presenting a paper at this year's Black Hat entitled 'Don't tell Joanna: the virtualized rootkit is dead' - argue that it is impossible to create a 100% undetectable rootkit, and have invited Rutkowska to prove them wrong.

Rutkowska has accepted the challenge on a number of conditions, one of which is that she and her Invisible Things team be compensated for the work they put into bringing their creation to the required level. She estimates that she and her team have already put four person-months into working on Blue Pill and that it would take another 12 person-months to get it to a stage at which it was undetectable. Ptacek et al. argue that, since they have only spent around one person-month working on their detector, they already stand at a 16:1 advantage. Both 'teams' will present their research at Black Hat USA at the start of next month.




