OpenSecurityCLUB

...because security matters

Joanna Rutkowska, a rootkit expert, has published a new build of the virtualization rootkit Blue Pill. She provided open access to the source code on bluepillproject.org. The new version is not just a revision of the prototype presented at the Black Hat Conference in Las Vegas in 2006 but rather a completely new build with new functionality and support for the hardware virtualization of modern AMD CPUs (SVM/Pacifica; Intel's VT-x technology is not supported yet). The new version of Blue Pill can move a running Microsoft Windows system into a virtual machine without rebooting it and without the user's knowledge. What is more, Blue Pill now has several mechanisms to prevent rootkit detection.

The new version of Blue Pill was apparently built by Rutkowska and co-author Alexander Tereshkin to prove wrong Thomas Ptacek of Matasano Security, Nate Lawson of Root Labs and Peter Ferrie of Symantec, who had challenged Rutkowska by stating that Blue Pill is not undetectable at all.

However, this release should rather be considered a proof of concept...

More information, the latest version of Blue Pill as well as the source code can be downloaded from bluepillproject.org. More information about virtualization detection and respectively detection of virtualizati....

For a quick introduction on this topic check out the "IsGameOver()" presentation.


© 2009   Created by Oscar on Ning.   Create Your Own Social Network
