Hacker Smackdown
Researchers at odds over whether virtualized rootkits are detectable
June 29, 2007
A showdown is brewing between two sets of security researchers over whether virtualization-based rootkits are detectable in a system or not.
A trio of researchers has publicly challenged Joanna Rutkowska, who made a name for herself at last year's Black Hat USA conference for cracking the kernel in Microsoft's Windows Vista beta release and since has led groundbreaking research in stealth malware, to let them prove that they can indeed detect her homegrown stealth virtual machine code called Blue Pill. They have offered her two shrink-wrapped laptops of her choice, one of which she would infect with Blue Pill -- if they can't find the laptop with the stealth malware, she gets to keep the machines. (See Rutkowska Launches Own Startup, Black Hat Woman, How to Cheat Hardware Memory Access, and Hacking the Vista Kernel.)
But the contest, proposed to take place at Black Hat USA in July, probably won't materialize -- at least in the near-term. It was the brainchild of Thomas Ptacek, co-founder and researcher with Matasano Security; Nate Lawson, researcher at Root Labs; and Peter Ferrie, senior researcher at Symantec, to disprove Rutkowksa's claims that there's no way to detect this type of malware.
In response to their challenge, Rutkowska has stipulated a six-month window to further develop the current version of her Blue Pill code, which she says is more a prototype than a "commercial grade rootkit." She also asked for five machines rather than two to eliminate the 50 percent chance the researchers could basically guess the infected machine.
Get the whole story at Dark Reading.Kelly Jackson Higgins, Senior Editor, Dark Reading
You May Also Like