Re: [Full-disclosure] Rutkowska faces ‘100% undetectable malware’ challenge, teasing?

[wac <waldoalvarez00 () gmail com>]

Blah blah blah. Please someone tell Rokowska that we know about what she
calls "blue pill" since we where little kids.

It was exposed *years ago* (1995 to be exact > 12 years) by Mark A. Ludwig
in his Giant Book of Computer viruses Page 391 from American Eagle
Publications, Inc. Chapter "Protected mode stealth"

Basically was moving the operating system into userland and running the
virus in ring-0 making it almost undetectable. It was called Isnt not blue
whatever. Yes well with vanderpool technology should be a lot easier given
the hardware support.

And guess what.. We are still alive even with a POC virus and it's source
code available to the public.

I hate that kind of noisy sensationalist press so much. That guy is always
doing it.
And btw I don't believe such thing to be totally undetectable. There's
always a little catch.

Regards
Waldo


On 6/30/07, Bipin Gautam <gautam.bipin () gmail com> wrote:
> hi guys,
>
> ref: http://blogs.zdnet.com/security/?p=334
>
> so are they teasing by making her the impossible challenge at this date?
> :)
>
> honeypot developers have been trying to battle the same issue of
> making the virtual machine emulate guest OS like the it is run in real
> hardware since some years now.
>
> ref: http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
>
>
> But if Rutkowska or anyone is able to succeed to make it undetectable
> in current hardware that would be genius!
>
> -bipin
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/