Back in 2006, Joanna Rutkowska made waves by announcing she'd developed a malware creation system she dubbed the "Blue Pill." Rutkowska, who worked for the Singapore-based security firm COSEINC, claimed to have developed a method for creating 100% undetectable malware by using AMD's Pacifica virtualization technology. Now, statements from Rutkowska on the subject of Blue Pill's detectability seem to indicate that keeping the hypervisor rootkit completely undetectable has been far more difficult than originally anticipated, though this difficulty may have been exacerbated by her move from COSEINC to her self-founded Invisible Things Lab.

Fast forward a year, and security researchers Tom Ptacek, Nate Lawson, Peter Ferrie, and Dino Dai Zovi (from Matasano Security, Root Labs, and Symantec, respectively) have challenged Rutkowska to a contest. They're collectively willing to bet that a hypervisor rootkit detector they've written is capable of detecting Rutkowska's "Blue Pill" and are offering her a chance to prove or disprove that hypothesis at the Black Hat conference in Las Vegas later this summer.

Rutkowska's response thus far has been that she's interested in the contest, but that Blue Pill isn't ready for combat at this time. In her InvisibleThings blog, she notes:

Our current Blue Pill has been in the development for only about 2 months (please note that we do not have rights to use the previous version developed for COSEINC) and it is more of a prototype, with primary use for our training in Vegas, rather than a "commercial grade rootkit".

Rutkowska goes on to say that her new Blue Pill prototype would require "about six months' full-time work by two people to turn it into such a commercial-grade creature that would win the contest described above. We're ready to do this, but we expect that somebody compensate us for the time spent on this work. We would expect an industry standard fee for this work, which we estimate to be $200 USD per hour per person."

It's beginning to look like this is a battle royale we'll never see, however. Rutkowska says that her challengers should pay for the cost of the development, slyly arguing that her challengers should be able to find sponsorships for the event since they're so sure they've solved the problem.

Meanwhile, her challengers have taken her statements as proof that she's unable to deliver a 100% undetectable hypervisor rootkit. Underneath the layers of e-peen, the point seems to be that developing undetectable malware / rootkits is difficult—significantly more so, perhaps, than Rutkowska's original announcement led people to believe.

This is no small matter because it has been suggested on several occasions that concepts like "Blue Pill" are the reasons why Microsoft is afraid to let consumers virtualize Vista Home Basic and Premium. The possibility that malware could exploit a hypervisor and remain undetectable appears to be more theory than praxis for now.