Experts challenge claim of undetectable rootkits

Four well-known researchers challenged rootkit guru Joanna Rutkowska on Thursday to prove that a rootkit can be made undetectable.

The four researchers — independent Dino Dai Zovi, Peter Ferrie of Symantec, Nate Lawson of Root Labs (corrected) and Thomas Ptacek of Matasano — stated that any rootkit that runs on the host of a virtual environment, leaves so many telltale signs that it can be detected.

More at http://www.securityfocus.com/brief/537

Also: Researchers: ‘Blue Pill’ Rootkit Detectable

Joanna Rutkowska, the security researcher who one year ago built a working prototype, code-named Blue Pill, of a rootkit capable of creating malware that remains “100 percent undetectable,” has tacitly conceded to a group of security researchers that the detector code they cooked up in the past month will in fact ferret out Blue Pill—at this point in its development, at any rate.

Tom Ptacek, security researcher and founder of New York-based Matasano Security, posted a note on June 27 saying that he, along with his fellow security researchers who had worked on hypervisor rootkit detection, were inviting Rutkowska to a challenge at Black Hat Briefings in Las Vegas sometime on Aug. 1 or 2.

http://www.eweek.com/article2/0,1895,2152137,00.asp

Leave a Reply