'Blue Pill' prototype creates 100% undetectable malware
Posted by 4Q on July 5th, 2006


Yep it's r00tkit time again. This one even bypasses Vista security.

http://wwww.eweek.com/article2/0,1895,1983037,00.asp


Makes me wonder how Kunt Wismer's BartPE anti-rootkit
magic bullet solution (Tm) will fare. Maybe Arse&Peg can
petition the White House for the Malware death sentence
again ;]]


4Q (ACV Anarcist & malware philosophy, with Hons.)

p.s. I must get around to telling you what Hoglund fears about
'When Harry met Sally' (VX_Harry met r00tkit_Sally)

Posted by 4Q on July 5th, 2006


4Q wrote:
*grrrr*

http://www.eweek.com/article2/0,1895,1983037,00.asp


Better luck with typo this time ;]]



*fuck* "Anarchist", believe me it's more embarrassing
when it's tattooed!

4Q


Posted by Dustin Cook on July 5th, 2006


"4Q" <paul_zest@hushmail.com> wrote in news:1152058484.309539.143090@75g2000cwc.googlegroups.com:


No actual sample is available to test the author's claims. We'll have to
wait to see a live demonstration.

If I understand the article correctly, its ability to avoid detection
requires it to be running. If the host OS isn't, it's not either.


4Q, you should know better (I know you do!) than to claim any malware of
any sort is 100% undetectable. That's like saying cryptography is 100%;
it's not. I've never seen you stoop to marketing FUD to make a point,
this is indeed a new low for you.

--
Dustin
Author of BugHunter - MalWare Removal Tool
http://bughunter.it-mate.co.uk


Posted by 4Q on July 5th, 2006


Dustin Cook wrote:
Yes. BlackHat Briefing, Las Vegas, August 3rd


It's a Matrix world / Real world / VR World kinda thingy!

Raidy!!!! It's the title of the article, I'm just the messenger
(i.e. no shooting da msg guy ;]])


OTP = 100%, even Schneier concedes this

"Believe it or not, there is a perfect encryption scheme.
It's called a one-time-pad..." from 'Applied Cryptography'



Fuck man I thought you knew the low levels my trollivismic
kookie ways could stoop to. *I'm shocked*

;]]

4Q


Posted by kurt wismer on July 5th, 2006


Dustin Cook wrote:
from my reading (of articles actually written by the blue pill author)
the blue pill is non-persistent... when you reboot the malware is not
just not running, it's gone...

it's not unlike a scenario suggested by the OP, except in that case it
was just a loader for the malware that was non-persistent rather than
the entire thing (at least that's my best guess at the earlier case -
joanna rutkowska, despite not being a native english speaker, is better
at getting her point across)...

anyways, even with this apparent resistance to outside the box analysis
there are still avenues of attack, such as using its own techniques
against it
(http://anti-virus-rants.blogspot.com...o-swallow.html)

indeed, i also made an observation very much like that...
(http://anti-virus-rants.blogspot.com...tectable.html)...

stealth is just a protective measure, and since we already know there's
no perfect protection, the stealth cannot be as perfect as has been
suggested just on principle alone... in practice, for every tactic there
is a counter-measure - and that applies to both sides...

and for those genuinely curious what my take on the blue pill is, those
two links should just about cover it...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Posted by 4Q on July 5th, 2006


kunt wismer wrote:

<snip>

Hey twat, I've just been flicking through your malware
glossary site again ("what is a virus?, what is a worm? etc etc").
I came across another link to http://rootkit.com and you haven't
fixed up the last one I told you about... H-ipocrisy i=y
yet you continue to marker pen my links out.

Now fuck off and fix it like a good lad. I'll be checking up
on you later.

;]]

4Q

Posted by 4Q on July 5th, 2006


4Q wrote:
http://www.eweek.com/article2/0,1895,1983037,00.asp


Raidy and Kunt both seem to think the "Blue Pill" isn't
100% undetectable. Well it's true. The "Blue Pill" is
only about 99.9% finished!

http://www.theinvisiblethings.blogsp...pill-hype.html


And another thing, Ms. Rutkowska: you don't wake up inside "The Matrix",
you wake up *outside* "The Matrix". Just ask Rob Rosenberger, he was
the malware technical consultant, he should know.


4Q

p.s. Joanna, Kunt W. is going to the venue on the 3rd August, look out,
he's going to shout you down mid talk, and prove you wrong with the
aid of his slide rule and halting theory.

p.p.s. Dear Kunt, Am I the "Malware Zealot" you mention on your
anti-blog rant? Just wanted to know so I can update my resume. )


Posted by pipedope on July 5th, 2006


4Q wrote:
While the encryption of a one time pad is perfect, the security of the
message is only as good as the system of transmitting and securing the
"pad".
This is not a trivial problem.

It only takes one compromise of the pad to trash the whole system.
How do you know that the system is still secure?

I used to do secure teletype in the US Navy and we were really careful
with the keys. Today, all of the equipment I worked on is useless as the
math is no longer strong.

That is another problem. It is very possible to pick a 'bad pad' that
will make even a one time pad open to attack.

It is important to pick the system to fit the job at hand.
Some messages are still never sent electronically because of the risk of
a future compromise.

I am not qualified to say if malware can ever be 100% undetectable but I
see different angles. It may be undetectable from inside the system
and still detectable from outside. Not to say it would be easy to find.
I just don't know enough of the technology.

michael


Posted by Dustin Cook on July 5th, 2006



4Q wrote:

Did you read the follow up comments on the blog site? We're not alone
in our opinion that it's mainly marketing FUD.

And he's in agreement with this 100% undetectable bs? Why isn't he
commenting on it?

The idea of moving the entire OS to a vmm so that you can control it is
nice, but it's not foolproof.

In the end, we'll just wait and see how undetectable it is..

--
Regards,
Dustin Cook


Posted by Dustin Cook on July 5th, 2006



4Q wrote:

True, with conditions. The OTP must be completely random, of equal size
to the data you're intending to encrypt, and ONLY used once. The OTP
along with the encrypted data has to be transferred to the recipient
to decrypt it. While the encrypted data is safe to transfer, the OTP
has to be delivered via a secure means, which makes it practically
worthless today.
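The three conditions above (random, as long as the message, used once), worked through as an added Python example that is not part of the thread. The messages and the fixed pad in the test are constructed for illustration; the example shows correct use and then what a single pad reuse hands an observer, which is why the "ONLY used once" condition is not negotiable.

```python
import secrets


def make_pad(length: int) -> bytes:
    """Draw pad bytes from the OS CSPRNG; a PRNG such as random.random()
    would violate the 'completely random' condition."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR each plaintext byte with the matching pad byte.
    A pad shorter than the message is refused: cycling or stretching it
    would mean reusing pad bytes, so it is no longer a one-time pad."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


# Decryption is the same XOR, because k ^ k == 0.
otp_decrypt = otp_encrypt


def rejects_short_pad(plaintext: bytes, pad: bytes) -> bool:
    """True if the length check above fires for this pad."""
    try:
        otp_encrypt(plaintext, pad)
    except ValueError:
        return True
    return False


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Pad reuse: XORing two ciphertexts made with the same pad cancels the
    pad and leaves plaintext1 XOR plaintext2, without knowing the pad."""
    n = min(len(ct1), len(ct2))
    return bytes(a ^ b for a, b in zip(ct1[:n], ct2[:n]))


def recover_with_crib(ct1: bytes, ct2: bytes, known_plaintext: bytes) -> bytes:
    """Once one message is known (or guessed), the leak gives the other
    outright. This is the 'one compromise trashes the whole system' case."""
    leak = two_time_pad_leak(ct1, ct2)
    n = min(len(leak), len(known_plaintext))
    return bytes(l ^ p for l, p in zip(leak[:n], known_plaintext[:n]))


def demo() -> bool:
    """Correct use round-trips; reuse of the same fresh pad leaks m1 ^ m2."""
    m1, m2 = b"ATTACK AT DAWN", b"RETREAT AT DUSK"   # constructed messages
    pad = make_pad(max(len(m1), len(m2)))
    c1, c2 = otp_encrypt(m1, pad), otp_encrypt(m2, pad)  # the mistake: pad twice
    return (otp_decrypt(c1, pad) == m1
            and two_time_pad_leak(c1, c2) == bytes(a ^ b for a, b in zip(m1, m2)))
```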


Posted by 4Q on July 5th, 2006


Dustin Cook wrote:
<snip>

I wasn't referring to its detectability, I was referring to the
reference point of the entity after taking the "Blue Pill" with
regards to which reality they wake up in.

Personally speaking I think it's great from the perspective of
potentially new ideas being generated for hackers to think about.
VX ideas seemed to have slowed a little in recent times. *shrug*
(bit like the crossover from DOS to Windows days)


4Q


Posted by 4Q on July 5th, 2006


pipedope wrote:
Yes I know OTP has been used in military applications and it has
its difficulties. I read somewhere (maybe in Schneier's book
'Secrets & Lies') that the communication link between the
White House red phone and the Kremlin was based on the OTP.
The keys would have been physically transferred under military
escort I would imagine, so no middle man attack could take
place.

Hey I never said OTP was easy to implement, it's just 100%
secure under the right conditions.


Yes it can be 100% undetectable...don't listen to that fool Kunt
Wismer.
It *can* be 100% undetectable because otherwise the detector(s) would
have to detect everything, forever. Only God has those kind of resources, so
outside of the big guy's omnipotent malware toolkit, one or two 100%
undetected systems have existed, exist and will exist in the future.
It has infinite strength, if it avoids scrutiny. It's not security
by obscurity, it's security by Heaviside unit step function.


4Q


Posted by edgewalker on July 6th, 2006



"kurt wismer" <kurtw@sympatico.ca> wrote in message news:e8fde4$3vu$1@nntp.aioe.org...

ad nause[a|u]m



Posted by kurt wismer on July 6th, 2006


edgewalker wrote:
??

please elaborate...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Posted by Virus Guy on July 7th, 2006


"A security researcher with expertise in rootkits has built
a working prototype of new technology that is capable of
creating malware that remains "100 percent undetectable,"
even on Windows Vista x64 systems."

This is supposed to be newsworthy, or impressive?

Let's see this guy come up with a rootkit that is undetectable on
Windows 98.

Posted by Dustin Cook on July 7th, 2006


"4Q" <paul_zest@hushmail.com> wrote in news:1152130299.031671.311470@v61g2000cwv.googlegroups.com:

So again, what's his take on the 100% undetectability claim?
He was a technical consultant, I'd like his opinion.

Nothing wrong with new ideas, just something amiss about the claim.

Well, there's only so many ways to infect things, after all.


--
Dustin
Author of BugHunter - MalWare Removal Tool
http://bughunter.it-mate.co.uk


Posted by Dustin Cook on July 7th, 2006


Virus Guy <Virus@Guy.com> wrote in news:44ADC3F6.26053CB8@Guy.com:

HeHe...


--
Dustin
Author of BugHunter - MalWare Removal Tool
http://bughunter.it-mate.co.uk


Posted by Noel Paton on July 7th, 2006



"Virus Guy" <Virus@Guy.com> wrote in message news:44ADC3F6.26053CB8@Guy.com...
she'd have to have a sex-change first!

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's


Posted by edgewalker on July 7th, 2006



"kurt wismer" <kurtw@sympatico.ca> wrote in message news:e8k3qm$n3p$1@nntp.aioe.org...
"...is no perfect protection... this is a truism, an axiom, and something that the bad guys
will tell you ad nauseum in trying to show..."



Posted by kurt wismer on July 7th, 2006


Virus Guy wrote:
the blue pill utilizes hardware based virtualization and as such is
potentially OS agnostic... the delivery system has some vista specific
features presumably to demonstrate that vista's stealth defeating
measures aren't going to be enough...

now, whether or not you can get w98 to run on the 64bit amd chips the
blue pill was designed for is another matter, but if you can then it
should be possible to make the blue pill work for a w98 system...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

