The rootkit developed by famous security researcher Joanna Rutkowska known as “Blue Pill” was once unstoppable, with claims that the malware was 100% undetectable and therefore extremely dangerous and useful for hackers (so why did she make it then- it’s like making a nuclear bomb just to see if you could). Now, Tom Ptacek and some close research buddies have found a way to detect the rootkit, and have challenged Joanna to a Secure-off aka SecureDown. This is all kind of like how the agents were impossible to beat until Neo came along, i.e. Tom Ptacek = Neo and Joanna/Blue Pill = Agent Smith.

In response to the offer of a showdown

Rutkowska posted a message saying she was ready for the challenge. But she stipulated that the challenging researchers—Ptacek, Nate Lawson of Root Labs, Symantec researcher Peter Ferrie and Matasano’s Dino Dai Zovi—fund two people, full-time for six months at $200 per hour, to develop the rootkit to a state of readiness.

Since the “Blue Pill” operates in the hypervisor level of the computer host, it is much harder to detect than a simple rootkit on the hard drive. Of course, most security enthusiasts think that this undetectable rootkit is a scare tactic or exaggeration, I somewhat agree. Even though hardcore system protection analysts can see right through this problem, an average novice computer user would have a lot more trouble realizing exactly how this rootkit even works (find out more about the Hypervisor Level in computers).

Either way, the challenge date between the two teams for rootkit supremacy is set to be at the Black Hat Briefings on August 1 or 2, loser goes home. Read the rest of the story here.

1. RonWorkman says:
   June 29th, 2007 at 12:21 pm

   The title alone sucked me in. I still don’t understand what it meant though.

2. L.T. says:
   June 29th, 2007 at 3:29 pm

   I nominate Cameron for “longest blog post titles of the year”. He has a knack for it.

   In regard to this article. It’s like “Hackers” all over again.