
Undetectable Rootkits using Virtualization




If you thought the security problems in existing systems were bad, check this out:

http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html


"Now, imagine a malware (e.g. a network backdoor, keylogger, etc...) whose capabilities to remain undetectable do not rely on obscurity of the concept. Malware, which could not be detected even though its algorithm (concept) is publicly known. Let's go further and imagine that even its code could be made public, but still there would be no way for detecting that this creature is running on our machines...

Over the past few months I have been working on a technology code-named Blue Pill, which is just about that - creating 100% undetectable malware, which is not based on an obscure concept."


[Note: this is not a script kiddie writing this; it's a world-class security researcher who will be presenting her work at the Black Hat conference at the end of July. Comments on the blog indicate that a similar exploit for Intel's virtualization technology is also going to be presented.]