Malware will not be detected
A security researcher specializing in rootkits has successfully developed a prototype of a new technology that enables the creation of '100% invisible' malware, even for x64 systems like Windows Vista.
A rootkit security researcher has successfully developed a prototype of a new technology that allows the creation of "100% invisible" malware, even for x64 systems like Windows Vista.
Joanna Rutkowska - an expert in "hidden" malware technology at security firm COSEINC based in Singapore - said the new technology Blue Pill using AMD's virtualization technology can help. create a very small software that is capable of controlling the entire operating system. It cannot be detected.
Rutkowska plans to present his new idea at the SyScan Conference to be held in Singapore at the end of July and at the Black Hat Conference in the US in early August.
The idea is not new
The idea of a virtual machine rootkit is not new. Microsoft and Michigan University researchers created a rootkit based on the virtual machine technology called SubVirt. This is a rootkit that cannot be detected because security software cannot access its status.
Now, Rutkowska continues to develop this technology. However, the expert also confirmed that Blue Pill could be detected if AMD's Pacifica technology failed.
Where does the power come from?
" The strength of Blue Pill is due to SVM technology ," Rutkowska explained. If the "generic" detection capability is added to virtual machine technology, Blue Pill will lose its invisible capabilities. But this only makes sense when AMD's Pacifica technology fails.
" On the other hand, if you cannot add generic detection techniques to SVM on a virtual machine platform, you will never be able to detect Blue Pill ."
"The idea of the Blue Pill is very simple: Your operating system swallowed a Blue Pill and it will work in a Matrix controlled by a tiny Hypervisor Blue Pill. This happens directly when operating system, does not affect other devices . "
Rutkowska also emphasized that Blue Pill is not based on any errors that exist in the operating system. Blue Pill technology will be proprietary to COSEINC Research and will not be publicly available. But Rutkowska said her firm also plans to organize training on the new technology and will reveal the technology source in such training courses.
Hoang Dung
You should read it
- Instructions to fix blue screen error on computer
- 5 apps that help identify drugs and remind you to take your medicine on time
- Videos and photos about Windows Blue
- The reason technology companies often choose blue logos
- The first ad of the couple 'Apple & Beats'
- Blue wallpaper, blue background image
- It turns out this is the reason why seawater is often blue but the waves are white
- Learn about blue light filters
- Who wrote the 'dead blue screen' message for Windows?
- What is blue switch? 5 mechanical keyboard models using blue switches
- Super rare scene: Blue whales ... 'walk heavy' in the middle of the ocean
- Prevent 'blue screen errors' on Windows 8
Maybe you are interested
How to close the port / Port 445 on Windows 2000 / XP / 2003 to Windows 10 to prevent ransomware WannaCry Configure Hyper-V security using Authorization Manager - Part 2 Wi-Fi Enterprise and 802.1X encryption in Mac OS X Control file system encryption (EFS) with Group Policy Learn Null Session attacks Delete temporary Internet files with Group Policy Preferences