Gaz Posted June 30, 2006

A Singapore researcher has found a way to make malware 100% undetectable under Vista 64-bit using AMD's SVM/Pacifica virtualization technology. It basically creates an ultra-thin hypervisor that takes over control of the base operating system, and there is no performance penalty: gfx and other devices are fully usable by the OS, which is now executing inside a virtual machine. This all happens on the fly without rebooting.

A lot of the article sounds like marketing (Matrix references et al.), but the virtualisation technology is here... Xen etc.

Oh, and it doesn't just affect Windows: "I see no reasons why it should not be possible to port it to other operating systems, like Linux or BSD"

http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html

http://www.eweek.com/article2/0,1895,1983037,00.asp

"A working prototype of the Blue Pill will be unveiled at the Black Hat Briefings on the same day that Microsoft is scheduled to show off some of the key security features of Windows Vista."

ecoli Posted July 1, 2006

I hope the researcher was doing such things as a defensive procedure, right?

5614 Posted July 5, 2006

The research was for a security firm. Also, Microsoft Research has already developed a similar thing that is impossible to detect using a security system running on the same system; however, seemingly, it can be detected by security software on another machine.

The undetectable malware is based entirely on AMD's Pacifica technology. If this malware can be detected, there is a flaw in the technology.

As a side point, Vista is going to include some protection against rootkits, although obviously not this type.