Challenge Blue Pill

Researcher challenged to prove 100% undetectable rootkit claim.

Joanna Rutkowska, the security researcher who last year claimed that she can create 100% undetectable malware, has been challenged by fellow researchers to prove it. Rutkowska made the claims about her Blue Pill rootkit technology at last year's Black Hat conference. However, Thomas Ptacek, Nate Lawson and Peter Ferrie - who will be presenting a paper at this year's Black Hat entitled 'Don't tell Joanna: the virtualized rootkit is dead' - argue that it is impossible to create a 100% undetectable rootkit, and have invited Rutkowska to prove them wrong.

Advertise on www.virusbtn.com

Rutkowska has accepted the challenge on a number of conditions, one of which is that she and her Invisible Things team be compensated for the work they put in to bringing their creation to the required level. She estimates she and her team have already put four person-months into working on Blue Pill and that it would take another 12 person-months to get it to a stage at which it was undetectable. Ptacek et al. argue that, since they have only spent around one person-month working on their detector, they already stand at a 16:1 advantage. Both 'teams' will present their research at Black Hat USA at the start of next month.

01 July 2007

Tags:    del.icio.us  digg this! digg this

Quick Links



Poll

When do you install software updates?
As soon as they are released
As soon as I have some time
I take my time, but I always install them eventually
Only when I feel it is absolutely necessary
Never
Leave a comment
View 12 comments

Jobs Recruit Sidebar

Twitter Feed

virusbtn: RT @emailsecmatters: The typical spam message has sources as diverse as the spam lunch meat: http://ht.ly/2yucd
2 hours ago


virusbtn: Can anyone write a rap about our RAP tests (http://bit.ly/255ySQ) and submit it to the Symantec competition http://bit.ly/bOJg8r
6 hours ago


Jobs

In Virus Bulletin's jobs pages among others:
Virus Bulletin currently has 208,224 registered users.