Security researcher releases Blue Pill source code
By Ruben Francia
Joanna Rutkowska, founder of Invisible Things Lab, has released the source code of the latest version of Blue Pill, a virtualization-based piece of malware that she claims is undetectable.
At the recent Black Hat conference, Rutkowska said that the purpose of releasing Blue Pill is to get the technology into the hands of researchers so they can study this form of malware further.
However, she acknowledged the efforts of researcher Edgar Barbosa, whose work has come closest to devising a method for detecting Blue Pill, and said she had not yet found a way to evade Barbosa's so-called counter-based detection method.
The release of the code will give other researchers the opportunity to test their rootkit detection research in an attempt to disprove the claim that Blue Pill is undetectable.
A team of researchers who earlier challenged Rutkowska's claim presented their rootkit detection platform, called Samara, at the Black Hat conference. The team, which includes Thomas Ptacek, co-founder of Matasano Security; Peter Ferrie, senior researcher at Symantec; and Nate Lawson, also plans to release its source code to help advance research on this topic.
But Rutkowska maintains that their method simply doesn’t work as advertised.
The Blue Pill code, publicly available for download at the Blue Pill project website, can apparently only be compiled under Windows using the Driver Development Kit (NTDDK).
August 4th, 2007
Nice to see a pretty girl that’s also smart! Sorry for being sexist…