Virtualization May Be Security Problem, Not Solution
Here's another reason <a href="http://www.techweb.com/encyclopedia/defineterm.jhtml?term=rootkit&x=0&y=0">rootkits</a> are the scariest technology around. We've heard some good news about virtualization as a promising <a href="http://www.desktoppipeline.com/showArticle.jhtml?articleId=189602033">defense against malware</a> lately, but along comes Joanna Rutkowska to burst our bubble. Ms. Rutkowska outlines what she calls Blue Pill, a virtualization-based rootkit that uses AMD's SVM/Pacifica virt
Here's another reason rootkits are the scariest technology around. We've heard some good news about virtualization as a promising defense against malware lately, but along comes Joanna Rutkowska to burst our bubble. Ms. Rutkowska outlines what she calls Blue Pill, a virtualization-based rootkit that uses AMD's SVM/Pacifica virtualization technology to take over the OS of a PC.The Inquirer reports that Ms. Rutkowska, who works as a security researcher for COSEINC, a Singapore based IT security company, says her Blue Pill rootkit is durable (that is, it isn't erased by a restart) and can be installed on the fly without restarting the host PC.
Even Vista's much-hyped anti-rootkit defense that requires kernel-mode software to have a digital signature to load is apparently no proof against Blue Pill. Ms. Rutkowska will be presenting her brainchild at a Singapore security conference, SyScan, on July 21, and at the Black Hat Briefings in Las Vegas on August 3. She promises that her demonstration will include a working prototype that runs on Windows Vista x64 and offers a "generic method" of inserting code in the Vista Beta 2 kernel without exploiting a bug or vulnerability in the Vista code.
You can read all about Blue Pill on Ms. Rutkowska's blog, invisiblethings.
About the Author
You May Also Like