Rootkit Hunter
Serg B.
sergicles at gmail.com
Sat Dec 23 15:10:02 UTC 2006
>
> I know that as a proof of concept a root kit has been written for
> linux and windows that uses the virtualization technology and thus
> runs outside the context of the OS, so there's no chance to detect it
> by any means if the OS is running (does a vmware guest know that it
> is a vmware guest?). But I don't know of anything that has been
> written for a useful thing.
Sounds like Jame Bond stuff to me. Do you have a link to an article that
talks about the above proof of concept code? Since you know...
I heard that VMWare released or is about to release a tool that can image
the currently running OS into a VMWare machine.
I agree that detecting a virus that wraps an OS into a VM image and runs
beneath it would be (maybe almost) impossible.
However you would definitely know about it. Nothing stealthy there unless
you run one powerful mother of a machine! And even then you would see that
things are not quite as fast. You would notice a performance decrease since
you would be now running 2 OS's. One for the virus and one for the guest.
Reduced disk size - a noticeable chunk sine there is another OS installed.
On reboot a boot-up screen would show messages inconsistent to the guest OS,
etc. Like I said nothing stealthy, in MY opinion.
So yeah I doubt that this proof of concept is anything more then a marketing
speak for VM tools and somebody trying to get security paper out for self
promotion.
Uh why not, it is the flavor f the month after all.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20061224/799d92e2/attachment.html>
More information about the ubuntu-users
mailing list