A3 Book section, Chapters in research books
Modern Blue Pills and Red Pills (2020)

Algawi, A., Kiperberg, M., Leon, R. S., Resh, A., & Zaidenberg, N. J. (2020). Modern Blue Pills and Red Pills. In M. Khosrow-Pour (Ed.), Encyclopedia of Criminal Activities and the Deep Web (pp. 1136-1149). IGI Global. https://doi.org/10.4018/978-1-5225-9715-5.ch078

JYU authors or editors

Publication details

All authors or editors: Algawi, Asaf; Kiperberg, Michael; Leon, Roee Shimon; Resh, Amit; Zaidenberg, Nezer Jacob

Parent publication: Encyclopedia of Criminal Activities and the Deep Web

Parent publication editors: Khosrow-Pour, Mehdi

ISBN: 978-1-5225-9715-5

eISBN: 978-1-5225-9716-2

Publication year: 2020

Pages range: 1136-1149

Number of pages in the book: 1162

Publisher: IGI Global

Publication country: United States

Publication language: English

DOI: https://doi.org/10.4018/978-1-5225-9715-5.ch078

Publication open access: Not open

Publication channel open access:


This article presents the concept of blue pill, a stealth hypervisor-based rootkit, that was introduced by Joanna Rutkowska in 2006. The blue pill is a malicious thin hypervisor-based rootkit that takes control of the victim machine. Furthermore, as the blue pill does not run under the operating system context, the blue pill is very difficult to detect easily. The red pill is the competing concept (i.e., a forensics software that runs on the inspected machine and detects the existence of malicious hypervisor or blue pill). The concept of attestation of a host ensuring that no hypervisor is running was first introduced by Kennel and Jamieson in 2002. Modern advances in hypervisor technology and hardware-assisted virtualization enables more stealth and detection methods. This article presents all the recent innovation in stealth blue pills and forensics red pills.

Keywords: data security; malware; virtualisation

Contributing organizations

Ministry reporting: Yes

Reporting Year: 2020

JUFO rating: 1

Last updated on 2022-19-08 at 19:44