Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Kenneth F. Belva

Blue Pill Rootkits = 100% Undetectable?

This is a very cool idea:

“All the current rootkits and backdoors, which I am aware of, are based on a concept. For example: FU was based on an idea of unlinking EPROCESS blocks from the kernel list of active processes, Shadow Walker was based on a concept of hooking the page fault handler and marking some pages as invalid…

Over the past few months I have been working on a technology code-named Blue Pill, which is just about that – creating 100% undetectable malware, which is not based on an obscure concept.

The idea behind Blue Pill is simple: your operating system swallows the Blue Pill and it awakes inside the Matrix controlled by the ultra thin Blue Pill hypervisor.

I would like to make it clear that the Blue Pill technology does not rely on any bug of the underlying operating system. I have implemented a working prototype for Vista x64, but I see no reason why it should not be possible to port it to other operating systems, like Linux or BSD, which can run on the x64 platform.”

Here is the blog post.

I wonder about the implementation details! Greg Hoglund often spoke about sandboxing the OS via kernel drivers. How is this different? (I suppose the difference is the methodology of injecting arbitrary code into kernel space.)
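The baseline check a defender reaches for against a hypervisor rootkit, as an added example that is not code from the post or from the Blue Pill project: read the CPUID "hypervisor present" bit (leaf 1, ECX bit 31) and the vendor signature a cooperative hypervisor publishes in leaf 0x40000000. The point of the "100% undetectable" claim is exactly that a thin hypervisor can pass CPUID through unmodified, so a negative result here proves nothing; it only catches hypervisors that announce themselves, and the helper names and the constructed KVM signature in the comments are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Decode the 12-byte vendor signature a hypervisor returns in EBX:ECX:EDX
 * of CPUID leaf 0x40000000 (byte order is low byte first, independent of
 * host endianness). Example: KVM returns "KVMKVMKVM". */
void hv_vendor_string(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    uint32_t regs[3] = { ebx, ecx, edx };
    for (int r = 0; r < 3; r++)
        for (int i = 0; i < 4; i++)
            out[r * 4 + i] = (char)((regs[r] >> (8 * i)) & 0xffu);
    out[12] = '\0';
}

/* Bit 31 of ECX from CPUID leaf 1 is the "hypervisor present" flag.
 * A hypervisor that forwards CPUID untouched leaves it clear. */
int hv_bit_set(uint32_t leaf1_ecx) {
    return (int)((leaf1_ecx >> 31) & 1u);
}

/* Query the live CPU. Returns 1 if the hypervisor bit is set (and fills
 * vendor), 0 if clear, -1 if CPUID is unavailable on this build target. */
int probe_hypervisor(char vendor[13]) {
    vendor[0] = '\0';
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return -1;
    if (!hv_bit_set(ecx))
        return 0;           /* nothing announced; not proof of a clean machine */
    __cpuid(0x40000000, eax, ebx, ecx, edx);
    hv_vendor_string(ebx, ecx, edx, vendor);
    return 1;
#else
    return -1;
#endif
}

int main(void) {
    char vendor[13];
    int r = probe_hypervisor(vendor);
    printf("hypervisor bit: %d, vendor: \"%s\"\n", r, vendor);
    return 0;
}
```

Treat a hit as a positive signal only; a clear bit is the starting point for the timing and hardware-state checks that the Blue Pill debate is actually about.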

