“Blue Pill” Rootkit freely available
Security researcher and rootkit specialist Joanna Rutkowska has published the source code of a completely rewritten “Blue Pill” virtualization rootkit.
The rootkit takes advantage of so-called hardware virtualized machines (HVMs) to shift Windows into a virtual machine without the OS’s permission and without the OS recognizing the fact. Currently, only AMD’s VT-x/Pacifica technology is supported for pulling Windows under the control of a hypervisor.
The “Blue Pill” project was started by Joanna Rutkowska, and the first proof of concept was demonstrated at the Black Hat conference in 2006. The idea behind a virtual machine rootkit is one of the most challenging in the field of computer security so far.