Researchers: 'Blue Pill' Rootkit Detectable
Posted by Daniel Fleshbourne on 29 June 2007 - 11:32 · 7 comments & 2334 views
About the Author
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(3 replies)
#1 Posted by XerXis on 29 Jun 2007 - 11:35
- Quote -fund two people, full-time for six months at $200 per hour, to develop the rootkit to a state of readiness.
I want one hundred billion dollars! -
#1.1 Posted by Budious on 29 Jun 2007 - 11:38
- Quote - (XerXis said @ #1)Quote -fund two people, full-time for six months at $200 per hour, to develop the rootkit to a state of readiness.
I want one hundred billion dollars!
lol... we both had the same first thought
-
#1.2 Posted by Croquant on 29 Jun 2007 - 13:33
- Um, assuming it's an eight-hour day at $200 an hour, that's only $576,000 for two people for six months (at 30 days per month... we'll assume that they work weekends and holidays.)
-
#2 Posted by Budious on 29 Jun 2007 - 11:38
- "...fund two people, full-time for six months at $200 per hour, to develop the rootkit to a state of readiness."
They must expect to make a fortune from this, will Sony or RIAA purchase the technology?
-
#3 Posted by Express on 29 Jun 2007 - 11:39
- Please don't do this. Funding a Rootkit development is a bad idea. Sooner or later the code will be presented at some research conference or used by rogue employees and spread.
-
#4 Posted by Magallanes on 29 Jun 2007 - 18:41
- Rootkit works in the next basis:
a.- the "malware" must be allowed to create the rootkit (of course)
b.- Default applications cannot see it.
c.- System must be able to see it (if the OS cannot read it then this rootkit cannot be execute).
d.- And since the system can read it, a custom application also can read it (and modify it).
a 100% undetectable can be a rootkit that don't meet c.- and d.- may be a truly "hidden ninja" rootkit but useless
Or a may be a rootkit that cannot be visible by a custom application but there always a chance to a new application will be able to detect it.
"Joanna, we respectfully request terms under which you'd agree to an 'undetectable rootkit detection challenge.' We'll concede almost anything reasonable; we want the same access to the (possibly-)infected machine that any anti-virus software would get," Ptacek wrote. Rutkowska posted a message saying she was ready for the challenge. But she stipulated that the challenging researchers—Ptacek, Nate Lawson of Root Labs, Symantec researcher Peter Ferrie and Matasano's Dino Dai Zovi—fund two people, full-time for six months at $200 per hour, to develop the rootkit to a state of readiness.