Tuesday, August 08, 2006

BlackHat computer security conference

And now for something a little different: I'm taking information from WXPNews to share with you. I found something interesting on the creation of a security exploit, a new type of rootkit (watch out, Sony... you'd better not be putting this on Switchfoot's next album).

Blue Pill is a type of rootkit, that is, malware that conceals itself from security software. Although some articles and blogs have given the impression that it's based on a vulnerability in the Vista operating system, it's actually based on AMD's SVM (Secure Virtual Machine) virtualization technology, codenamed Pacifica, and Joanna Rutkowska herself has been very clear that the exploit is not based on any flaw in Vista. Pacifica provides chip-level support for running multiple operating systems simultaneously on the same computer, each in its own virtual machine (VM) under the control of a hypervisor. It is an extension to the 64-bit x86 architecture and is included on newer Athlon 64 and Turion 64 processors. Although Rutkowska's Blue Pill prototype was developed to run on Vista, it can be adapted for Linux or any other 64-bit operating system that runs on this hardware.

The reason this rootkit is so difficult to detect is that it installs itself as a thin hypervisor on the fly, without a reboot, and moves the already-running operating system into a virtual machine beneath it. The rootkit's code and data live outside the guest, so the operating system cannot find them by inspecting its own files and memory the way it would find a conventional rootkit. What remains for a detector are the hypervisor's side effects, such as the extra time taken by instructions that have to trap to it, and Rutkowska's claim of undetectability was disputed on exactly that ground. Microsoft Research and the University of Michigan had previously developed a proof-of-concept VM-based rootkit called SubVirt, which, unlike Blue Pill, relied on a conventional VMM (VMware or Virtual PC) loaded before the original OS at boot.
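As an added illustration (example code written for this page, not Rutkowska's Blue Pill code and not taken from WXPNews), here is the kind of check that looks for the hypervisor's side effects rather than for files in the guest. It times the CPUID instruction, which SVM and VT-x hypervisors must intercept, so every CPUID executed in the guest pays a round trip out to the hypervisor and back. The threshold ASSUMED_VMEXIT_TICKS and the sample count are assumptions that would need calibrating on known-good hardware; the median and classification helpers are kept separate from the measurement so they can be exercised without real timing.

```c
/* Added example (not from the post): CPUID-timing check for a hidden hypervisor.
 * An SVM/VT-x hypervisor must intercept CPUID, so each CPUID execution in the
 * guest pays a world-switch round trip. A stealth rootkit such as Blue Pill
 * deliberately leaves the CPUID "hypervisor present" bit clear, so timing is
 * the signal this check relies on. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <x86intrin.h>
#define HAVE_X86 1
#else
#define HAVE_X86 0
#endif

#define SAMPLES 256
/* Assumed threshold in TSC ticks: bare-metal CPUID costs on the order of
 * 100-300 ticks; a trapped CPUID typically costs well over 1000. Calibrate
 * on known-good hardware before relying on it. */
#define ASSUMED_VMEXIT_TICKS 1000

/* Ticks spent on one CPUID leaf-0 execution (0 on non-x86 builds). */
uint64_t cpuid_ticks(void)
{
#if HAVE_X86
    unsigned int a, b, c, d;
    uint64_t t0 = __rdtsc();
    __cpuid(0, a, b, c, d);
    uint64_t t1 = __rdtsc();
    (void)a; (void)b; (void)c; (void)d;
    return t1 - t0;
#else
    return 0;
#endif
}

/* CPUID.1:ECX bit 31: set by cooperative hypervisors, clear on bare metal
 * and under a rootkit that wants to hide. Reported only for comparison. */
int hypervisor_bit_set(void)
{
#if HAVE_X86
    unsigned int a, b, c, d;
    __cpuid(1, a, b, c, d);
    (void)a; (void)b; (void)d;
    return (int)((c >> 31) & 1u);
#else
    return 0;
#endif
}

static int cmp_u64(const void *x, const void *y)
{
    uint64_t a = *(const uint64_t *)x, b = *(const uint64_t *)y;
    return (a > b) - (a < b);
}

/* Median of n samples (sorts buf in place). The median rather than the mean
 * is used so that an interrupt or cache miss on a few samples cannot skew it. */
uint64_t median_ticks(uint64_t *buf, size_t n)
{
    qsort(buf, n, sizeof buf[0], cmp_u64);
    return buf[n / 2];
}

/* Classification is separated from measurement so it can be tested. */
int looks_trapped(uint64_t median, uint64_t threshold)
{
    return median > threshold;
}

/* Collect SAMPLES timings and return the median. A few warm-up runs keep
 * instruction-cache misses out of the measured samples. */
uint64_t measure_cpuid_median(void)
{
    uint64_t buf[SAMPLES];
    for (int i = 0; i < 8; i++) (void)cpuid_ticks();
    for (int i = 0; i < SAMPLES; i++) buf[i] = cpuid_ticks();
    return median_ticks(buf, SAMPLES);
}

int main(void)
{
    uint64_t med = measure_cpuid_median();
    printf("hypervisor bit: %d, median CPUID ticks: %llu -> %s\n",
           hypervisor_bit_set(), (unsigned long long)med,
           looks_trapped(med, ASSUMED_VMEXIT_TICKS)
               ? "CPUID is being trapped (hypervisor present?)"
               : "consistent with bare metal");
    return 0;
}
```

Build it with any C compiler on an x86 machine and run it: on bare metal the median is a few hundred ticks, under most hypervisors it is in the thousands. The caveat a practitioner should keep in mind is that a hypervisor controls the guest's view of the timestamp counter (SVM exposes a TSC offset in the VMCB), so it can mask the difference; a single timing source is evidence, not proof, and the hypervisor-present bit is printed only to show that a stealth rootkit gains nothing by lying about it when timing is also checked.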

OK. Now off to your Googling.
