Joanna Rutkowska, the security researcher who one year ago built a working prototype, code-named Blue Pill, of a rootkit capable of creating malware that remains "100 percent undetectable," has tacitly conceded to a group of security researchers that the detector code they cooked up in the past month will in fact ferret out Blue Pill—at this point in its development, at any rate. Tom Ptacek, security researcher and founder of New York-based Matasano Security, posted a note on June 27 saying that he, along with his fellow security researchers who had worked on hypervisor rootkit detection, were inviting Rutkowska to a challenge at Black Hat Briefings in Las Vegas sometime on Aug. 1 or 2.
"Joanna, we respectfully request terms under which you'd agree to an 'undetectable rootkit detection challenge.' We'll concede almost anything reasonable; we want the same access to the (possibly-)infected machine that any anti-virus software would get," Ptacek wrote. Rutkowska posted a message saying she was ready for the challenge. But she stipulated that the challenging researchers—Ptacek, Nate Lawson of Root Labs, Symantec researcher Peter Ferrie and Matasano's Dino Dai Zovi—fund two people, full-time for six months at $200 per hour, to develop the rootkit to a state of readiness.