blue pill rootkit


The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. The hypervisor installs without requiring a restart and the computer functions normally, without degradation of speed or services, which makes detection difficult.

The original blue pill implementation was based on AMD virtualization (AMD-V), a set of hardware extensions for the x86 processor architecture. The processor extensions offload repetitive and inefficient work from software, which improves virtual machine (VM) performance on the physical server. However, because AMD-V is designed to operate seamlessly, a hypervisor running beneath the operating system is invisible to it and has full privileges to make any change it wants. Malware running as that hypervisor can intercept any communication between the operating system and the system's hardware and software and return a false response. The blue pill code was subsequently adapted for the Intel VT-x (virtualization technology) environment.

Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, which she demonstrated at the 2006 Black Hat Briefings conference. Rutkowska also developed Redpill, a series of techniques used to detect a blue pill hypervisor.

The name blue pill is a reference to the science fiction movie The Matrix. Neo, the main character, is offered a choice between a blue pill, which will allow him to live obliviously in the virtual reality environment of The Matrix, and a red pill that will allow him to understand his situation and ultimately escape from The Matrix. Morpheus (Neo’s guide) explains: "This is your last chance. After this, there is no turning back. You take the blue pill -- the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill -- you stay in Wonderland and I show you how deep the rabbit-hole goes."

Blue pill and red pill have become symbolic in pop culture for willful ignorance versus seeking the truth, however difficult that truth might be.

See also: hardware virtualization, BIOS rootkit attack, virtual machine escape, hypervisor security, virtualization

This was first published in March 2011
