Blue Pill: The first effective Hypervisor Rootkit


...Joanna Rutkowska has come up with a whole new class of rootkits that's nothing like we've ever seen, which requires a whole new way of detecting rootkits.

Blue Pill is the name that Rutkowska gave for this new breed of rootkits that take advantage of AMD's Pacifica virtualization technology called SVM (Secure Virtual Machine), though future versions will be ported to Intel VT-x virtualization technology [UPDATE: Dino Dai Zovi actually independently created a Hypervisor VT-x based rootkit]. The "blue pill" references one of the pills offered to our hero Neo in the movie "The Matrix".

Blue Pill: The first effective Hypervisor Rootkit | George Ou | ZDNet.com

Linked by shanmuga Friday, 18th August 2006 12:40AM