Undetectable malware...coming soon?

A Singapore researcher has found a way to make malware 100% undetectable under Vista 64-bit using AMD's SVM/Pacifica virtualization technology. It basically creates an ultra-thin hypervisor that takes over control of the base operating system, and there is no performance penalty - gfx and other devices are fully usable by the OS, which is now executing inside a virtual machine. This all happens on the fly without rebooting.

 

A lot of the article sounds like marketing (Matrix references et al.), but the virtualisation technology is here... Xen etc. Oh, and it doesn't just affect Windows: "I see no reasons why it should not be possible to port it to other operating systems, like Linux or BSD"

 

http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html

http://www.eweek.com/article2/0,1895,1983037,00.asp

"A working prototype of the Blue Pill will be unveiled at the Black Hat Briefings on the same day that Microsoft is scheduled to show off some of the key security features of Windows Vista."

The research was for a security firm.

 

Also, Microsoft Research has already developed a similar thing that is impossible to detect using a security system running on the same system; however, seemingly, it can be detected by security software on another machine.

 

The undetectable malware is based entirely on AMD's Pacifica technology. If this malware can be detected there is a flaw in the technology.

 

As a side point, Vista is going to include some protection against rootkits, although obviously not this type.

Archived

This topic is now archived and is closed to further replies.
