Undetectable malware? Great.

deicist Manchester, UK
edited July 2006 in Science & Tech
According to this article from eWeek, a prominent security researcher has come up with a proof of concept for the next generation of malware. This software, called 'blue pill', installs itself as a virtual environment and runs your OS as a virtual machine. The elegant thing about this approach is that it relies on all those fancy new Virtualization technologies to work properly. The only way it can possibly be detected is if there's a flaw in the underlying virtualization technology. Nice huh?

Comments

  • airbornflght Houston, TX Icrontian
    edited June 2006
    guh reat. just what I wanted to hear.
  • GHoosdum Icrontian
    edited June 2006
    This sucks.
  • Leonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited July 2006
    it relies on all those fancy new Virtualization technologies to work properly
    just wonderful
  • Enverex Worcester, UK Icrontian
    edited July 2006
    Not to mention your machine will run slower as a whole (not massively, but still, although it could be severe if the malware is a poor controller for the VMs).

    But then I have to ask, how the hell would it do that anyway? That would be the equivalent of a virus installing a new OS to run your OS. When was the last time you had a Virus install an OS? It's not quite as simple as a rogue IE ActiveX control.
  • airbornflght Houston, TX Icrontian
    edited July 2006
    yeh, I want to know who will have the time to write this.
  • deicist Manchester, UK
    edited July 2006
    Enverex wrote:
    Not to mention your machine will run slower as a whole (not massively, but still, although it could be severe if the malware is a poor controller for the VMs).

    But then I have to ask, how the hell would it do that anyway? That would be the equivalent of a virus installing a new OS to run your OS. When was the last time you had a Virus install an OS? It's not quite as simple as a rogue IE ActiveX control.

    From what I understand the new virtualization technologies in AMD's new chips make it almost trivial to move your OS to a virtual system, that's pretty much what they're there for. Also, the virtualization isn't like an emulator, there's almost no performance hit again thanks to the new virtualization technologies. If you think virus writers aren't going to have the skill / time to exploit this then you seriously underestimate them.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited July 2006
    you forget - it's not 15 year old kids anymore. You have entire companies with highly paid staff writing viruses and malware now. Believe me, some Russian or Chinese firm will have a "virus-installs-an-OS" type of virus working just fine (if they haven't got working proof-of-concept already).
  • airbornflght Houston, TX Icrontian
    edited July 2006
    you forget - it's not 15 year old kids anymore. You have entire companies with highly paid staff writing viruses and malware now. Believe me, some Russian or Chinese firm will have a "virus-installs-an-OS" type of virus working just fine (if they haven't got working proof-of-concept already).

    no, the 15 year olds are just learning. I always thought it was the 35 year old still living at home, or the older software engineer that had a bad week at work and was pissed.:p

    I was unaware entire firms were writing these malicious programs now. I think me and my AR-10 may pay a visit to Virii Corp in China if I get one of these little nasties.;) (j/k)
  • deicist Manchester, UK
    edited July 2006
    no, the 15 year olds are just learning. I always thought it was the 35 year old still living at home, or the older software engineer that had a bad week at work and was pissed.:p

    I was unaware entire firms were writing these malicious programs now. I think me and my AR-10 may pay a visit to Virii Corp in China if I get one of these little nasties.;) (j/k)

    Gah, stop it. It's Viruses, not Virii.
    Wikipedia wrote:
    The word virus has no classically attested plural form in Latin. In antiquity the word had not yet acquired its current meaning. It denoted something like toxicity; venom; a poisonous, deleterious, or unpleasant agent or principle; or poison in the abstract or general sense[2]. Nouns denoting countable entities (such as book) pluralize; noncountable entities (such as air, mood, valor) pluralize only under special circumstances. The term virus in antiquity appears to have belonged to the latter category, hence the nonexistence of plural forms. [June 1999 issue of ASM News by the American Society for Microbiology]

    It is unclear how a plural might have been formed had the word acquired a meaning requiring a plural form[3]. Possibilities include vira, following the pattern for neuter nouns in -um or virus with a long , following the example of status. However, none of these are attested[4]. The virii form would not have been a correct plural, since the -ii ending only occurs in the plural of words ending in -ius. For instance, take radius, plural radii: the root is radi-, with the singular ending -us and the plural -i. Thus the plural virii is that of the nonexistent word virius. The viri form is also incorrect in Latin. The ending -i is used only for masculine nouns, not neuter ones such as virus; moreover, viri (albeit with a short i in the first syllable) is the plural of vir, and means "men".

    So the Latin word didn't have a plural and even if it had, it wouldn't have been Virii.
  • Enverex Worcester, UK Icrontian
    edited July 2006
    deicist wrote:
    From what I understand the new virtualization technologies in AMD's new chips make it almost trivial to move your OS to a virtual system, that's pretty much what they're there for. Also, the virtualization isn't like an emulator, there's almost no performance hit again thanks to the new virtualization technologies. If you think virus writers aren't going to have the skill / time to exploit this then you seriously underestimate them.

    That's not true, I've been looking at benchmarks of OSs running on Xen using hardware virtualisation and there IS a performance decrease. It's only small but it's still a decrease.
  • airbornflght Houston, TX Icrontian
    edited July 2006
    deicist wrote:
    Gah, stop it. It's Viruses, not Virii.

    So the Latin word didn't have a plural and even if it had, it wouldn't have been Virii.

    Sorry oh great one, I did not mean to offend:respect:
  • deicist Manchester, UK
    edited July 2006
    Enverex wrote:
    That's not true, I've been looking at benchmarks of OSs running on Xen using hardware virtualisation and there IS a performance decrease. It's only small but it's still a decrease.

    I thought Xen was an open-source software hypervisor, which hardware virtualisation are you referring to? Links?

    edit: Sorry, I see Xen supports Intel's Virtualization technology... still, links?
  • Enverex Worcester, UK Icrontian
    edited July 2006
    deicist wrote:
    I thought Xen was an open-source software hypervisor, which hardware virtualisation are you referring to? Links?

    edit: Sorry, I see Xen supports Intel's Virtualization technology... still, links?

    Can't remember to be honest, I think it may have been Xen's site itself. It was while on a topic about general VMing.
  • deicist Manchester, UK
    edited July 2006
    hmmm.... according to this

    linkage

    The virtualisation offered by the likes of VMware and Xen is something called 'paravirtualization' in which the hardware abstract offered to the guest operating systems is different from the underlying physical hardware to resolve timing and other issues which stem from the fact that the x86 architecture was never designed for virtualization. The new hardware approach that AMD and Intel are going for offers full virtualization, the hardware itself is VM aware and thus the performance overhead is much smaller than a software approach. In fact, from what I've read when you install an OS on one of the new chips the OS is pretty much running as a virtual machine anyway, it's a step above the software virtualization we've seen in the past. Of course I could be reading it wrong.
  • Enverex Worcester, UK Icrontian
    edited July 2006
    That may be true, I don't really understand it all properly right now.
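
Added example, not part of the thread or any poster's code: the AMD and Intel hardware virtualization discussed in the posts above appears on Linux as the `svm` and `vmx` CPU flags, and this sketch parses `/proc/cpuinfo`-format text to report them per logical CPU. The sample inputs are constructed, and the `hypervisor` flag is only what a cooperating hypervisor chooses to advertise, so its absence proves nothing.

```python
# Added example: inventory hardware-virtualization flags from /proc/cpuinfo text.
import re

# Constructed samples in /proc/cpuinfo format (not captured from real hosts).
SAMPLE_HOST = "processor\t: 0\nvendor_id\t: AuthenticAMD\nflags\t\t: fpu tsc msr pae svm lm\n"
SAMPLE_GUEST = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\nflags\t\t: fpu tsc msr pae lm hypervisor\n"
    "\n"
    "processor\t: 1\nvendor_id\t: GenuineIntel\nflags\t\t: fpu tsc msr pae lm hypervisor\n"
)

# Linux flag names for the CPU extensions the thread calls hardware virtualization.
HW_VIRT_FLAGS = {"vmx": "Intel VT-x", "svm": "AMD-V (SVM)"}


def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one {field: value} dict per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            cpus.append(fields)
    return cpus


def virt_report(text):
    """Report, per CPU, which virtualization extension is exposed and whether
    the OS sees the 'hypervisor' flag (set only by hypervisors that announce
    themselves; a missing flag is not evidence of bare metal)."""
    report = []
    for cpu in parse_cpuinfo(text):
        flags = set(cpu.get("flags", "").split())
        report.append({
            "cpu": cpu.get("processor", "?"),
            "hw_virt": sorted(HW_VIRT_FLAGS[f] for f in flags & HW_VIRT_FLAGS.keys()),
            "hypervisor_flag": "hypervisor" in flags,
        })
    return report


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:   # live data on a Linux host
            text = fh.read()
    except OSError:
        text = SAMPLE_HOST                  # fall back to the constructed sample
    for row in virt_report(text):
        print(row)
```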