Rootkit Hunter

Serg B. sergicles at
Sat Dec 23 15:10:02 UTC 2006

> I know that as a proof of concept a root kit has been written for
> linux and windows that uses the virtualization technology and thus
> runs outside the context of the OS, so there's no chance to detect it
> by any means if the OS is running (does a vmware guest know that it
> is a vmware guest?). But I don't know of anything that has been
> written for a useful thing.

Sounds like Jame Bond stuff to me. Do you have a link to an article that
talks about the above proof of concept code? Since you know...

I heard that VMWare released or is about to release a tool that can image
the currently running OS into a VMWare machine.

I agree that detecting a virus that wraps an OS into a VM image and runs
beneath it would be (maybe almost) impossible.

However you would definitely know about it. Nothing stealthy there unless
you run one powerful mother of a machine! And even then you would see that
things are not quite as fast. You would notice a performance decrease since
you would be now running 2 OS's. One for the virus and one for the guest.
Reduced disk size - a noticeable chunk sine there is another OS installed.
On reboot a boot-up screen would show messages inconsistent to the guest OS,
etc. Like I said nothing stealthy, in MY opinion.

So yeah I doubt that this proof of concept is anything more then a marketing
speak for VM tools and somebody trying to get security paper out for self

Uh why not, it is the flavor f the month after all.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ubuntu-users mailing list