Blah blah blah. Please someone tell Rokowska that we know about what she calls "blue pill" since we where little kids.<br><br>It was exposed *years ago* (1995 to be exact > 12 years) by Mark A. Ludwig in his Giant Book of Computer viruses Page 391 from American Eagle Publications, Inc. Chapter "Protected mode stealth"
<br><br>Basically was moving the operating system into userland and running the virus in ring-0 making it almost undetectable. It was called Isnt not blue whatever. Yes well with vanderpool technology should be a lot easier given the hardware support.
<br><br>And guess what.. We are still alive even with a POC virus and it's source code available to the public.<br><br>I hate that kind of noisy sensationalist press so much. That guy is always doing it.<br>And btw I don't believe such thing to be totally undetectable. There's always a little catch.
<br><br>Regards<br>Waldo<br><br><br><div><span class="gmail_quote">On 6/30/07, <b class="gmail_sendername">Bipin Gautam</b> <<a href="mailto:gautam.bipin@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
gautam.bipin@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
hi guys,<br><br>ref: <a href="http://blogs.zdnet.com/security/?p=334" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://blogs.zdnet.com/security/?p=334</a><br><br>so are they teasing by making her the impossible challenge at this date? :)
<br><br>honeypot developers have been trying to battle the same issue of
<br>making the virtual machine emulate guest OS like the it is run in real<br>hardware since some years now.<br><br>ref: <a href="http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
</a><br><br>But if Rutkowska or anyone is able to succeed to make it undetectable<br>in current hardware that would be genius!<br><br>-bipin<br><br>_______________________________________________<br>Full-Disclosure - We believe in it.
<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia -
<a href="http://secunia.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://secunia.com/
</a><br></blockquote></div><br>