Blog 4 Jordan Day


Blue Pill can go totally undetected



    No, I'm not talking about Viagra; I'm talking about a serious threat to computer security. And this time it's not Microsoft's fault: Linux and Mac may also suffer from the same problems.

    redblue

    Fellow blogger Joanna Rutkowska (Invisible Things), a researcher at Singapore-based COSEINC, has managed to create a working prototype of malware that can go completely undetected on your computer. Not only that, it would be almost impossible to remove, since the insertion of the Blue Pill happens in real time and does not require a restart. It then continues to run in complete stealth, out of reach of all removal and detection tools.

    While the idea is very similar to a virtual machine (VM), it differs by placing a very thin layer between the OS and the processor. In the classical VM model, the malware would execute before the OS, preventing any detection and removal tool from getting to it. But the VM model has a couple of caveats, where it could be removed in offline mode.

    The interesting part is that there's also a Red Pill, which is a way to detect whether code is running under a virtual machine or in a real environment.
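
    Why a cooperative check is not enough against a stealthy hypervisor, as an added example (not code from this post, and not the Red Pill technique itself): it parses Linux /proc/cpuinfo text and reports whether hardware virtualization extensions are exposed and whether a hypervisor announces itself. The sample inputs are constructed and the choice of check is an assumption made for illustration; a hypervisor that does not set the flag goes unreported.

```python
# Added example: what a flag-based check of /proc/cpuinfo can and cannot tell you.
# Flag names are the ones the Linux kernel prints; sample inputs are constructed.
HW_VIRT_FLAGS = {"svm": "AMD SVM", "vmx": "Intel VT-x"}
HYPERVISOR_FLAG = "hypervisor"  # CPUID leaf 1, ECX bit 31: set only by a cooperating hypervisor

SAMPLE_BARE_AMD = (
    "processor : 0\nflags : fpu vme de pse tsc msr pae svm lahf_lm\n"
    "processor : 1\nflags : fpu vme de pse tsc msr pae svm lahf_lm\n"
)
SAMPLE_KVM_GUEST = "processor : 0\nflags : fpu vme de pse tsc msr pae hypervisor lahf_lm\n"
SAMPLE_NO_EXT = "processor : 0\nflags : fpu vme de pse tsc msr pae\n"


def cpu_flags(cpuinfo_text):
    """Union of the 'flags' lines of every logical CPU in the text."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":  # skips e.g. the separate 'vmx flags' line
            flags.update(value.split())
    return flags


def assess(cpuinfo_text):
    """Summarise what the flags show; never claims a hypervisor is absent."""
    flags = cpu_flags(cpuinfo_text)
    extensions = sorted(name for flag, name in HW_VIRT_FLAGS.items() if flag in flags)
    announced = HYPERVISOR_FLAG in flags
    if announced:
        verdict = "running under a hypervisor that announces itself"
    elif extensions:
        verdict = "nothing announced, extensions present: a silent hypervisor is not ruled out"
    else:
        verdict = "nothing announced, no virtualization extensions exposed"
    return {"extensions": extensions, "hypervisor_announced": announced, "verdict": verdict}


if __name__ == "__main__":
    for name, text in [("bare AMD", SAMPLE_BARE_AMD), ("KVM guest", SAMPLE_KVM_GUEST),
                       ("no extensions", SAMPLE_NO_EXT)]:
        print(name, "->", assess(text))
```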

    Update: The main problem is that your operating system thinks it is running directly on the computer, but it is actually running in a virtual world, like in the Matrix movies. That is scary, because if the OS and removal tools are unaware that they are being run under something else, they will be confused. Meanwhile the malware might be doing keylogging, collecting passwords, running as services, or blocking you from getting needed security patches. And what's worse? It can all be controlled remotely.

    I discussed it a little bit on Joanna's. This is a very interesting topic for security freaks. Check out these resources:

    Microsoft SubVirt

    Invisible things

    COSEINC Research

    And my comment:

    Qwaider قويدر said...

    I personally think that this is just another attack vector previously unthought of. So it's quite groundbreaking. But it comes as a result of poor designs at multiple levels, from software to hardware. In the old days of computers, people learned to load before the OS by targeting boot loaders, partition tables, etc. Later all of those were detected. Some did weird things to the BIOS and almost anywhere they can store and execute code.

    I think the concept of a Redpill that would actually be a low level app that would interact directly with SVM could eventually be part of any malware removal kit. It would be even easier for someone to write a "Pill-Proof" pill that would detect attempts to execute a bluepill and stop it.
    One thing is certain, things will continue to escalate.

    June 29, 2006 1:00 AM


    Memories....

    We're doomed :D
    I will not pretend that I understand all the technicalities …..but sounds very bad !! Allah Yostor : (
    It's VERY bad. These new attacks are simply unstoppable today. And it's not the software's fault but a cascade of problems leading to this
    Things are going to escalate, before viable remedies are developed. My suggestion to Joanna (an "Anti pill" pill) might be the only way to stop these. I just updated the article about what virtual machine means
    Hey...that's a really good topic...you know I've been working for a week now on customizing an open source CMS called Joomla...and as I was tracking security holes...I found many creative ways to hack that WCMS...people are getting more aggressive with their creativity these days...allah yostor...
    LOL, qwaider don't kill me but I'm going to say something has nothing to do with this post but its picture :-) For some reason this picture reminded me immediately of "al a3war al dajjal" idea! When he goes out holding the hell in a hand and the heaven in another, I'm sure you know the rest of the story! However In both cases Allah yostor jad :-)
    wala eshi, brilliant idea ! sam3a jdeedi wallah...malware running as a VM..!
    #7 Rauliim (Windows Internet Explorer) said on 7/11/2006 8:45:40 PM:
    Good job guys! Very nice site!
    #8 Annetdv (Windows Internet Explorer) said on 7/12/2006 5:10:08 AM:
    Nice job!
    #9 Fredprv (Windows Internet Explorer) said on 7/14/2006 11:45:47 PM:
    Good stuff dude, thanks! [deleted by admin]