Clan x86

Technical (Development, Security, etc.) => General Security Information => Topic started by: iago on October 15, 2006, 06:52:19 pm

Title: Blue Pill
Post by: iago on October 15, 2006, 06:52:19 pm
Blue Pill is a rootkit with an interesting concept -- it forces Windows into a virtualized environment without knowing it.  It's an impossible-to-detect rootkit being developed (or maybe already developed?) for Vista. 

Read all about it (http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html)

Keep in mind this same concept can apply to Unix, Linux, Mac, and whatever -- it just hasn't yet.
Title: Re: Blue Pill
Post by: Explicit on October 15, 2006, 07:18:20 pm
Red Pill.
Title: Re: Blue Pill
Post by: iago on October 15, 2006, 07:20:36 pm
Red Pill.
The idea behind the "blue pill" is that the malware feeds the "blue pill" to your computer, it falls asleep, and wakes up inside the virtual environment ("the matrix"). 
Title: Re: Blue Pill
Post by: Newby on October 15, 2006, 07:21:53 pm
Old news. IIRC, this was used against Vista before, and it needed administrator privileges.
Title: Re: Blue Pill
Post by: Warrior on October 15, 2006, 07:26:40 pm
You had to jump through like 10 UAC prompts before it let you do it.
Title: Re: Blue Pill
Post by: Explicit on October 15, 2006, 07:31:44 pm
Red Pill.
The idea behind the "blue pill" is that the malware feeds the "blue pill" to your computer, it falls asleep, and wakes up inside the virtual environment ("the matrix").

I know, I read it.  :P  For some reason, though, Red Pill just stuck out to me when I went through the article.
Title: Re: Blue Pill
Post by: iago on October 15, 2006, 09:17:21 pm
Old news. IIRC, this was used against Vista before, and it needed administrator privileges.
You had to jump through like 10 UAC prompts before it let you do it.
Yeah, but this is besides the infection vector.  There are plenty of viruses/rootkits around that hide themselves in different and creative ways, like the article lists at the top.  This is yet another way to hide an infection on a system. 

And yeah, although this rootkit is specifically for Vista, it's a new and unique concept.  The idea of secretly running an OS within a virtual environment is interesting and scary.
Title: Re: Blue Pill
Post by: Joe on October 16, 2006, 07:50:48 pm
This idea was kind of done on a much smaller scale with the way WoWGlider ran WoW. It ran WoW as a limited virtual user not allowed to scan process lists (not that it mattered, because WoWGlider changed its EXE header, randomly changed memory thingies, gave itself a random window name and process name, and was hidden in the task list) and removed some kind of debugging flags so that WoW couldn't tell you were reading its memory, and then simulated true keyboard/mouse events instead of writing memory so that it was impossible to detect that anything was wrong. If only Mercury had used his power for good. :)
Title: Re: Blue Pill
Post by: MyndFyre on October 17, 2006, 04:55:01 am
Yay for my decision long ago to stick with Intel hardware since AMD is the attack vector for this!  :D
Title: Re: Blue Pill
Post by: Sidoh on October 17, 2006, 12:25:14 pm
At least AMD's chips were never released with a terrible floating point error!
Title: Re: Blue Pill
Post by: MyndFyre on October 17, 2006, 12:33:47 pm
At least AMD's chips were never released with a terrible floating point error!

Oh man, you're right.  A floating point error is much worse than undetectable malware....
Title: Re: Blue Pill
Post by: Sidoh on October 17, 2006, 12:42:32 pm
Is it going to interfere with medical and aviation equipment the same way Intel's floating point error did? :P
Title: Re: Blue Pill
Post by: MyndFyre on October 17, 2006, 02:02:39 pm
Is it going to interfere with medical and aviation equipment the same way Intel's floating point error did? :P

Potentially.  Fortunately for me, I've never operated medical nor aviation equipment, so it wasn't a problem!
Title: Re: Blue Pill
Post by: Sidoh on October 17, 2006, 02:12:34 pm
Potentially.  Fortunately for me, I've never operated medical nor aviation equipment, so it wasn't a problem!

It would have effected you just as easily.  I'm just saying it effected sensitive equipment.
Title: Re: Blue Pill
Post by: MyndFyre on October 17, 2006, 03:10:00 pm
Potentially.  Fortunately for me, I've never operated medical nor aviation equipment, so it wasn't a problem!

It would have effected you just as easily.  I'm just saying it effected sensitive equipment.
It created sensitive equipment?  :-o
Title: Re: Blue Pill
Post by: Sidoh on October 17, 2006, 03:14:37 pm
::)