Undetectable Malware?

[Antarctica]

A security researcher with expertise in rootkits has built a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems.


http://www.eweek.com/article2/0,1895,1983037,00.asp

[steve1955]

Quote:

Originally Posted by Antarctica

A security researcher with expertise in rootkits has built a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems.


http://www.eweek.com/article2/0,1895,1983037,00.asp

Its only udetectable at the moment!do you really think it will remain so forever(or even or very long)?

[sosaiso]

It's undetectable because it hasn't made it onto the blacklists yet. That is the weakness of anti- [insert word here. ie. viruses, trojan, malware]. They rely on signatures. AKA blacklists. If it hasn't been seen, it won't be prevented.

[Mrkvonic]

Hello,
It's so simple. Boot from CD / DVD ... Check out for files and folders that aren't there in normal state ...
Mrk

[emir]

Mrkvonic, are you referring to something along the lines of Bart's PE, something which does not let the hard drive start up at all? Because I have read articles describing this, I can't remember where though. This is very good point for detection, but if you don't know it's there(polymorphonic/no signature) I guess you could just do this on the regular for good measure. Like if you are just that paranoid or curious or are admin of sensitive information database right? So like Knoppix STD or other Linux live distro is right up this alley huh?

[Meriadoc]

Quote:

Originally Posted by Antarctica

A security researcher with expertise in rootkits has built a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems.


http://www.eweek.com/article2/0,1895,1983037,00.asp

Unless we...
Gain control beneth the rootkit.
Gain control before os.
Have hardware detection, Intel, AMD.

It will be interesting to see how the relationship proceeds between concept and technology.

...If you dont know Joanna Rutkowskas work you can checkout her site/blog http://theinvisiblethings.blogspot.com/

[Mrkvonic]

Quote:

Originally Posted by emir

Mrkvonic, are you referring to something along the lines of Bart's PE, something which does not let the hard drive start up at all? Because I have read articles describing this, I can't remember where though. This is very good point for detection, but if you don't know it's there(polymorphonic/no signature) I guess you could just do this on the regular for good measure. Like if you are just that paranoid or curious or are admin of sensitive information database right? So like Knoppix STD or other Linux live distro is right up this alley huh?

Hello,
Yes, BartPE, Helix, Knoppix, etc...
Mrk

[oopsminded]

Quote:

Originally Posted by Mrkvonic

Hello,
It's so simple. Boot from CD / DVD ... Check out for files and folders that aren't there in normal state ...
Mrk

Joanna Rutkowska, on http://theinvisiblethings.blogspot.com/

Quote:

The phrase "on the fly" is the most important thing about Blue Pill - it makes it possible to install a blue pill based malware without restarting the system and without any BIOS or boot sector modifications. I wish all those people who were posting about how easy it would be to detect Blue Pill by booting a system from a clean CD, spent more time on reading my original blog article, instead creating useless posts... (just a little wish).

[Mrkvonic]

Hello,
Negative.
Mrk

[controler]

Yes this was posted about over here and with not much response.

http://www.wilderssecurity.com/showt...=135615&page=2

Based on what was wirtten over at antirootkit.com.

[controler]

I knew of Johanna's invisable.org site but guess I didn't know of her blog.

And I did make a comment about the same group from rootkit dot com hanging out at antirootkit dot com but it really makes no difference.



controler