Rootkit Hunter
Gabriel Dragffy
dragffy at yandex.ru
Sat Dec 23 15:33:49 UTC 2006
On Sun, 2006-12-24 at 02:10 +1100, Serg B. wrote:
>
> Sounds like James Bond stuff to me. Do you have a link to an article
> that talks about the above proof of concept code? Since you know...
>
Sounds James Bond to me too!!
> I heard that VMWare released or is about to release a tool that can
> image the currently running OS into a VMWare machine.
>
> I agree that detecting a virus that wraps an OS into a VM image and
> runs beneath it would be (maybe almost) impossible.
>
> However you would definitely know about it. Nothing stealthy there
> unless you run one powerful mother of a machine! And even then you
> would see that things are not quite as fast. You would notice a
> performance decrease since you would be now running 2 OS's. One for
> the virus and one for the guest. Reduced disk size - a noticeable
> chunk since there is another OS installed. On reboot a boot-up screen
> would show messages inconsistent with the guest OS, etc. Like I said
> nothing stealthy, in MY opinion.
>
> So yeah I doubt that this proof of concept is anything more than a
> marketing speak for VM tools and somebody trying to get security paper
> out for self promotion.
>
> Uh why not, it is the flavor of the month after all.
I think perhaps that when we're talking about this kind of virus it
isn't limited to just VMware. Imagine a virtual server service that has
a single computer hosting 50 operating systems using Xen technology. Now
think about the trouble that a virus could cause all that. Horrible. If
a virus managed to escape the guest OS...