Author Topic: The Undetectable Malware That Real Hackers Don't Seem to Want  (Read 1408 times)

Offline whitetop

  • E = MC² Mad Scientist
  • *
  • Posts: 1910
  • Post quality +39/-12
  • Gender: Male
  • im not in the ass kissing team
The Undetectable Malware That Real Hackers Don't Seem to Want
« on: August 06, 2011, 06:33:45 AM »


AS VEGAS -- Remember the Blue Pill? That was the undetectable rootkit that was all the talk at Black Hat five years ago. It seemed scary. The Blue Pill was one of a new breed of malicious programs that would slip themselves underneath the operating system in a virtual machine hypervisor and silently tamper with the computer's kernel in order to do their bad stuff.

Researchers even developed equally technical countermeasures to detect these sneaky attacks.

Five years ago, virtualized rootkits seemed like a very frightening possibility, but today not so much. Why? Because they're really hard to write, and other, easy-to-use technologies work just fine, thank you very much.

Alex Stamos, a founder of NCC Group's iSec Partners spends a lot of time investigating computer intrusions and he said that he's never seen a Blue Pill type rootkit in the real world -- even in the most technically sophisticated attacks.

"There's a lot of talks here at black hat about the race to ring zero, right. Of people going out and saying I wrote a better rootkit that you can't detect," he said at Black Hat this week. "It turns out that nobody in the real world actually does any of that stuff. You never see Blue Pills. You never see people doing hypervisor rootkits. You rarely see real state-sponsored attackers even going into the kernel"

When you start messing around with the Windows kernel, you're playing with fire, or in Windows terms, you're playing with the Blue Screen of Death. Software that works fine on Windows 7, might crash on Vista or XP. And a frantic call for IT support is just the kind of attention that sophisticated hackers want to avoid. So instead they write rootkits that run in usermode -- software that could be detected by programs running on the computer -- and they use a variety of tried and true tricks to make them hard to detect. They'll name their rootkit after a service that you're likely to see and they'll mixup way the software of put together so that it skirts antivirus detection, for example.

Blue Pill's author Joanna Rutkowska pretty much agrees with Stamos. "The traditional methods of system compromise (either via usermode or traditional kernelmode rootkits) still work just fine. Really, what new (gamechanging) OS protections against compromises have been added in the last 5 years to Windows or Mac?" she says.
come to the rite place if you kiss admins as they promote you to admin.

Offline FOOKz™

  • Hardware Modder
  • Research & Development
  • E = MC² Mad Scientist
  • *
  • Posts: 2070
  • Post quality +37/-2
  • Electronics Expert Electrical Engineer
Re: The Undetectable Malware That Real Hackers Don't Seem to Want
« Reply #1 on: August 06, 2011, 02:21:15 PM »
Blue Pill rootkits sound just like what stuxnet was. Stuxnet was a computer virus that was immensely sophisticated and attacked Siemens industrial FPGA/PLC controllers running on Windows Server to probably to destroy Iran's nuclear reactors.

I've seen stuxnet once on a Siemen's home network that controls lighting, HVAC, the alarm system and all of that. It does nothing but its scary to know it spreads fast.


Follow my Instagram and subscribe to my YouTube

Offline geraldrubalcava

  • E = MC²
  • *
  • Posts: 351
  • Post quality +15/-3
  • Gender: Male
  • Acidmods User
Re: The Undetectable Malware That Real Hackers Don't Seem to Want
« Reply #2 on: August 06, 2011, 04:03:43 PM »
hahahah these roots kits remind me back in 2005 sony music entertainment installed a root kit on you computer if you tried to use it.... it lead to alot of viruses.

 

SMF spam blocked by CleanTalk
SimplePortal 2.3.5 © 2008-2012, SimplePortal