Joanna Rutkowska, the security researcher who one year ago built a working prototype, code-named Blue Pill, of a rootkit capable of creating malware that remains "100 percent undetectable," has tacitly conceded to a group of security researchers that the detector code they cooked up in the past month will in fact ferret out Blue Pill—at this point in its development, at any rate. Tom Ptacek, security researcher and founder of New York-based Matasano Security, posted a note on June 27 saying that he, along with his fellow security researchers who had worked on hypervisor rootkit detection, were inviting Rutkowska to a challenge at Black Hat Briefings in Las Vegas sometime on Aug. 1 or 2.
"Joanna, we respectfully request terms under which you'd agree to an 'undetectable rootkit detection challenge.' We'll concede almost anything reasonable; we want the same access to the (possibly-)infected machine that any anti-virus software would get," Ptacek wrote. Rutkowska posted a message saying she was ready for the challenge. But she stipulated that the challenging researchers—Ptacek, Nate Lawson of Root Labs, Symantec researcher Peter Ferrie and Matasano's Dino Dai Zovi—fund two people, full-time for six months at $200 per hour, to develop the rootkit to a state of readiness.
View: The full story
News source: eWeek
"Joanna, we respectfully request terms under which you'd agree to an 'undetectable rootkit detection challenge.' We'll concede almost anything reasonable; we want the same access to the (possibly-)infected machine that any anti-virus software would get," Ptacek wrote. Rutkowska posted a message saying she was ready for the challenge. But she stipulated that the challenging researchers—Ptacek, Nate Lawson of Root Labs, Symantec researcher Peter Ferrie and Matasano's Dino Dai Zovi—fund two people, full-time for six months at $200 per hour, to develop the rootkit to a state of readiness.
View: The full story News source: eWeek
I want one hundred billion dollars!
I want one hundred billion dollars!
lol... we both had the same first thought
Well. Why you dont give me "that" only
They must expect to make a fortune from this, will Sony or RIAA purchase the technology?
a.- the "malware" must be allowed to create the rootkit (of course)
b.- Default applications cannot see it.
c.- System must be able to see it (if the OS cannot read it then this rootkit cannot be execute).
d.- And since the system can read it, a custom application also can read it (and modify it).
a 100% undetectable can be a rootkit that don't meet c.- and d.- may be a truly "hidden ninja" rootkit but useless
Or a may be a rootkit that cannot be visible by a custom application but there always a chance to a new application will be able to detect it.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.