Related topics

'Blue Pill' prototype creates 100% undetectable malware
... kurt wismer wrote : maybe i can be clearer... that space is not a space... at least not in any real sense... only if you're talking about some conceptualized drawing of a computer system - and in the original context of malware infecting the bios or microcode, conceptualized drawings don't count.

[Rival] Microsoft Warns People About Security as AV ...
Maybe Arse&Peg can petition the WhiteHouse for the Malware death sentence again ;]] If I understand the article correctly; its ability to avoid detection requires it to be running. If the host OS isn't, it's not either. ps I must get around to telling you what Hoglund fears about 'When Harry met Sally' (VX_Harry

[Rival] Windows Malware Count Exceeds 5000000
... arachnid <n...@goawayspammers.com> wrote on Fri, 22 Sep 2006 15:49:41 -0500 <pan.2006.09.22.20.49.40.893...@goawayspammers.com>: On Fri, 22 Sep 2006 21:23:12 +0100, Roy Schestowitz wrote: Malware researcher developing stronger Blue Pill Unfortunately, the Blue Pill works on any OS - including Linux.

Microsoft's Latest Horrible Idea of Letting PCs Infect One ...
In her opinion, "we need at least two to three years to implement a foolproof protection against hardware virtualization-based malware." Her ideal solution would be "integrity checking of all system components," but she realizes the difficulties involved. Blue Pill is an example of this undetectable, Type III,

Cleaning a PC of viruses and malware from Ubuntu over LAN..
(http://anti-virus-rants.blogspot.com/2006/06/blue-pill-is-not-100-undetectable.html)... ad nause[a|u]m ?? please elaborate... "...is no perfect protection... this is a truism, an axiom, and something that the bad guys will tell you ad nauseum in trying to show..." oh, a speeling erorr... thanks,

Windows Vista - Hijackable Before It's Even Released
One is malware designed to sit under today's virtual machines. A proof-of-concept paper proposing such an attack, called Subvirt (PDF), appeared last year, covered a much leaner attack she called Blue Pill, which targets the virtualisation built into Windows Vista and into current processors from

'Blue Pill' prototype creates 100% undetectable malware
Earlier this year, stealth malware researcher Joanna Rutkowska created a stir at the Black Hat Briefings when she demonstrated a way to infect Windows Vista with a rootkit and introduced Blue Pill, a new concept that uses AMD's SVM/Pacifica virtualization technology to create "100 percent undetectable malware.

Vista vs. Viruses
Jerry McBride mcbrid...@comcast.net comp os linux advocacy arachnid wrote: On Fri, 22 Sep 2006 21:23:12 +0100, Roy Schestowitz wrote: Malware researcher developing stronger Blue Pill Unfortunately, the Blue Pill works on any OS - including Linux. However, getting it to install requires that you run the installer

"Blue Pill" [Was: Does a format remove all virus/spyware?]
"Rutkowska said she's been working on just such a creature over the past few months, and has code-named it Blue Pill. She claims it to be 100% undetectable malware that's not based on an obscure concept. "The idea behind Blue Pill is simple, she said. The operating system "swallows" the Blue Pill and it awakes

Cleaning a PC of viruses and malware from Ubuntu over LAN..
arachnid n...@goawayspammers.com comp os linux advocacy On Fri, 22 Sep 2006 21:23:12 +0100, Roy Schestowitz wrote: Malware researcher developing stronger Blue Pill Unfortunately, the Blue Pill works on any OS - including Linux. However, getting it to install requires that you run the installer code.

'Blue Pill' prototype creates 100% undetectable malware
The Blue Pill works by bypassing Vista's integrity-checking process and allows unsigned code to be loaded by the Vista kernel. By doing this it allows Malware or unauthorised software to be used. Reports also say Blue Pill is undetectable. Reports now say Microsoft are happy with the information they have received

"Blue Pill" [Was: Does a format remove all virus/spyware?]
... remove the BHOs, OCXs, ... Something you CANNOT do remotely, since the file system you can see remotely is filtered by the rootkit itself anyway, and _IT_ you would never find. You know what I say? You people understand nothing about computer security. Try eradicating Rutkowska's Blue Pill.

Ops...
TPM or "Trusted Computing," can among other things use "dynamic attestation" malware detection to defend against Blue Pill system intrusion. BUT what I've been reading is that the TPM chip itself can be used as an intrusive device by MS/Vista or whomever. Please reconsider before installing this feature if using

Cleaning a PC of viruses and malware from Ubuntu over LAN..
Dustin Cook bughunter.dus...@gmail.com alt comp virus 4Q wrote: That's like saying cryptography is 100%; it's not. OTP = 100%, even Schneier concedes this True, with conditions. The OTP must be completely random, of equal size as the data you're intending to encrypt, and ONLY used once.

let's see the pirate tape ...they come out before the original (quote)
This means that any protection that does not take SVM into account will not be able to detect this new form of malware. Here is the article http://www.eweek.com/article2/0,1895,1983037,00.asp and here is the blog of the author of blue pill http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html.

LONG [News Digest] Linux News Digest for the 24hrs preceding 17-11-06
In any case, Blue Pill is special precisely because its author claims (highly authoritative opposing opinions exist, and my gut feeling is to give credit to the latter: see http://www.virtualization.info/2006/08/debunking-blue-pill-myth.html) that it is impossible even just to detect it while the system is running. That it is, moreover, extremely

Comeback of Boot Sector Viruses
Yes, I know it seems incredible, but the woman (Rutkowska) knows what she is talking about and, among other things, has demonstrated "blue pill" on at least a couple of occasions to people who certainly would NOT have let themselves be fooled ;-) the fact is that "blue pill" can certainly be a method for fighting malware but

Manager Swaps Aimed at Saving Windows
... in Vista is simply a port from XP, but that this feature is new to the OS." Already broken by Blue Pill - by TRS-80 <http://slashdot.org/~TRS-80> (Score: 4, Interesting) Thread The kernel mode signed driver restriction has already been broken by Blue Pill <http://en.wikipedia.org/wiki/Blue_pill_(malware)>.

"Blue Pill" [Was: Does a format remove all virus/spyware?]
... creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems. http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html i guess the question is: whats the point in building this? jay -- Adventures in Videoblogging <http://www.momentshowing.net> <http://FireAnt.tv>

'Blue Pill' prototype creates 100% undetectable malware
The "Blue Pill" comes pretty close, http://www.eweek.com/article2/0,1895,1983037,00.asp no it does not... i suggest you find a better write-up of how that particular I was just suggesting that "Blue Pill" was hidden at a level that was not previously available. I agree, this is not at the microcode or BIOS level.