Rootkit Hunter

Serg B. sergicles at
Sat Dec 23 15:38:02 UTC 2006

Well yeah, if it is the case it is very, very scary to think of the
possibilities and the damage something like this could cause.

Perhaps it's time to move into the security industry; looks like the business
will be booming there.

On 24/12/06, Martin Marcher <martin.marcher at> wrote:
> Hi,
> On 23.12.2006 at 16:10, Serg B. wrote:
> > Sounds like James Bond stuff to me. Do you have a link to an article that
> > talks about the above proof of concept code? Since you know...
> nope sorry was a printed article and I already threw away the
> magazine... :(
> > However you would definitely know about it. Nothing stealthy there unless
> > you run one powerful mother of a machine! And even then you would see that
> > things are not quite as fast. You would notice a performance decrease since
> > you would be now running 2 OS's. One for the virus and one for the guest.
> > Reduced disk size - a noticeable chunk since there is another OS installed.
> > On reboot a boot-up screen would show messages inconsistent to the guest OS,
> > etc. Like I said nothing stealthy, in MY opinion.
> the stealthy thing as I understood it was that you are in fact not
> running two OS but with the virtualization technology the software
> could at runtime of the os switch the context in which the os is
> running.
> I have no idea how large such a thing would be, but even if it was 20
> MB with today's HD sizes one would hardly recognize. And since it's a
> "small" program that just hides a few processes from being found I
> don't think that you would notice any difference.
> > So yeah I doubt that this proof of concept is anything more than a marketing
> > speak for VM tools and somebody trying to get security paper out for self
> > promotion.
> I desperately hope so, if not that would mean a _lot_ of spam (which
> is the thing that imho pays off most at the moment). Consider you
> have a running windows/linux/whatever os box and someone has a root
> kit of that kind installed. no chance to detect it, new investments
> for anti malware software etc.
> martin