SCF Advanced Search

  • Total Members: 13974
  • Latest: totopn6
  • Total Posts: 40923
  • Total Topics: 14644
  • Online Today: 913
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Download Blue Pill Rootkit Designed for Windows Vista  (Read 4355 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Global Moderator
  • *****
  • Posts: 1076
  • KARMA: 22
  • Gender: Male
Download Blue Pill Rootkit Designed for Windows Vista
« on: 04. August 2007., 21:27:37 »
The Blue Pill is a virtualization based rootkit designed especially for Windows Vista by security researcher Joanna Rutkowska, Founder/CEO of InvisibleThingsLab. Initially demonstrated at Black Hat Briefings 2006 in 
Las Vegas on August 3, 2006, on a pre-RTM version of Windows Vista, the Blue Pill has since then evolved, 
and was redesigned and rewritten from scratch by Rutkowska and Alexander Tereshkin, InvisibleThingsLab principal researcher. The new Blue Pill was demonstrated at this years Black Hat, following which, the full source code for the rootkit was made available for download. Rutkowska claims that the virtualization based Blue Pill is undetectable.

"The main point was that detecting virtualization is not the same as detecting virtualization based malware. As hardware virtualization technology gets more and more widespread, many machines will be running with virtualization mode enabled, no matter whether blue pilled or not. In that case blue pill-like malware doesn’t need to cheat that virtualization is not enabled, as it’s actually expected that virtualization is being used for some legitimate purposes. In that case using a "blue pill detector", that in fact is just a generic virtualization detector is completely pointless," she stated.

According to Rutkowska, it will be impossible to stop virtualization based malicious code with generic virtualization detectors. Additionally, the security researcher emphasized that the generic virtualization detectors feature a wrong approach to detecting virtualized malware. "we believe that it will always be possible to detect virtualization mode using various tricks and hacks, but: 1) those hacks could be forced to be very complex and 2) in case virtualization is being used on the target computer for some legitimate purposes all those methods fail anyway (see point 1)," Rutkowska added, saying that integrating hacks and tricks into hypervisors is not a valid approach to security. At Black Hat 2007, the x64 Windows Vista, the most secure version of the operating system in Microsoft's perspective, was Rutkowska's preferred target.
# Online Anti-Malware Scanners:,734.0.html

Samker's Computer Forum -

Download Blue Pill Rootkit Designed for Windows Vista
« on: 04. August 2007., 21:27:37 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising