Challenge Blue Pill

Researcher challenged to prove 100% undetectable rootkit claim.

Joanna Rutkowska, the security researcher who last year claimed that she can create 100% undetectable malware, has been challenged by fellow researchers to prove it. Rutkowska made the claims about her Blue Pill rootkit technology at last year's Black Hat conference. However, Thomas Ptacek, Nate Lawson and Peter Ferrie - who will be presenting a paper at this year's Black Hat entitled 'Don't tell Joanna: the virtualized rootkit is dead' - argue that it is impossible to create a 100% undetectable rootkit, and have invited Rutkowska to prove them wrong.

Rutkowska has accepted the challenge on a number of conditions, one of which is that she and her Invisible Things team be compensated for the work they put in to bringing their creation to the required level. She estimates she and her team have already put four person-months into working on Blue Pill and that it would take another 12 person-months to get it to a stage at which it was undetectable. Ptacek et al. argue that, since they have only spent around one person-month working on their detector, they already stand at a 16:1 advantage. Both 'teams' will present their research at Black Hat USA at the start of next month.

01 July 2007

Tags: del.icio.us digg this