Experts challenge claim of undetectable rootkits
Published: 2007-06-28

Four well-known researchers challenged rootkit guru Joanna Rutkowska on Thursday to prove that a rootkit can be made undetectable.

The four researchers -- independent Dino Dai Zovi, Peter Ferrie of Symantec, Nate Lawson of Root Labs (corrected) and Thomas Ptacek of Matasano -- stated that any rootkit that runs on the host side of a virtual environment leaves so many telltale signs that it can be detected.

Last year, Dai Zovi and Rutkowska unveiled separate projects that use the hypervisor virtualization technology on AMD and Intel processors to create hard-to-detect rootkits, a technique dubbed "hyperjacking". Rutkowska called her project "Blue Pill," after the object in the movie The Matrix that would leave the protagonist Neo in the virtualized environment still controlled by the machines.

In answering the challenge in a blog post on Thursday, Rutkowska said she would take the bet, but only if the challengers found a sponsor to pay her and her company's co-founder for the time to create the code, at a whopping $416,000 price tag.

"Our current Blue Pill has been in development for only about two months -- please note that we do not have rights to use the previous version developed for (my previous company) -- and it is more of a prototype, with primary use for our training ... rather than a 'commercial grade rootkit'," she said, adding that bringing Blue Pill up to snuff would be a six-month project for two people, and naming a rate of $200 per hour to create the code.

Rutkowska outlined additional rules that she believes would make the contest a fair challenge, including running five machines, which would reduce the probability that random guesses would result in the correct identification of infected machines to 3 percent. Symantec is the parent company of SecurityFocus.

A nod to ZDNet's Zero Day blog.

CORRECTION: The original news brief affiliated Nate Lawson with the wrong company. Lawson is an independent security researcher and founder of Root Labs; he no longer works for Cryptography Research. The corrected brief also further clarifies the price tag for Rutkowska's six months of coding.

Posted by: Robert Lemos