Blue Pill (malware)
From Wikipedia, the free encyclopedia
Blue Pill is the codename for a somewhat controversial rootkit based on virtualization technology that targets Microsoft's Windows Vista operating system. Blue Pill uses AMD Pacifica virtualization technology, but reportedly could be ported to use Intel Vanderpool. It was designed by Joanna Rutkowska and demonstrated at the Black Hat Briefings on August 3, 2006.
According to the author, by using Pacifica, Blue Pill would be able to trap a running instance of the operating system into a virtual machine, and would then act as a hypervisor, with complete control of the computer. Joanna Rutkowska claims that, since any detection program could be fooled by the hypervisor, such a system would be "100% undetectable".[1]
This assessment, repeated in numerous press articles, is disputed: AMD issued a statement dismissing the claim of full undetectability.[2] Some other security researchers and journalists also dismissed the concept as unsubstantiated fear-mongering.[3][4]
The name Blue Pill is a reference to the blue pill from The Matrix film trilogy.
References
1. 'Blue Pill' Prototype Creates 100% Undetectable Malware, Ryan Naraine, eWeek.com
2. Faceoff: AMD vs. Joanna Rutkowska, eWeek.com
3. Debunking Blue Pill Myth, virtualization.info
4. Blue Pill is an attention-whoring non-threat, period, Tom Yager, InfoWorld
External links
- Introducing the Blue Pill by Joanna Rutkowska
- InternetNews - Blackhat takes Vista to Task
- Heading Off the Hackers Business Week, August 10, 2006
- Blue Pill Episode 54 of the Security Now Podcast
- Black Hat 2006 Presentation