Rootkit Hunter
Serg B.
sergicles at gmail.com
Sat Dec 23 15:47:30 UTC 2006
While on the subject, here are some links regarding VM security from a
Pen-Test mailing list (securityfocus.com) email I haven't read yet:
http://www.vmware.com/vmtn/technology/security/
http://vmblog.com/archive/2006/05/23/605.aspx
Maybe somebody will find it useful. Maybe I'll find it useful but I haven't
read them yet :/
On 24/12/06, Serg B. <sergicles at gmail.com> wrote:
>
> Well yeah, if it is the case it is very, very scary to think of the
> possibilities and the damage something like this could cause.
>
> Perhaps it's time to move into the security industry, looks like the business
> will be booming there.
>
> On 24/12/06, Martin Marcher <martin.marcher at openforce.com> wrote:
>
> > Hi,
> >
> > On 23.12.2006 at 16:10, Serg B. wrote:
> >
> > > Sounds like James Bond stuff to me. Do you have a link to an article that
> > > talks about the above proof of concept code? Since you know...
> >
> > nope sorry was a printed article and I already threw away the
> > magazine... :(
> >
> > > However you would definitely know about it. Nothing stealthy there unless
> > > you run one powerful mother of a machine! And even then you would see that
> > > things are not quite as fast. You would notice a performance decrease since
> > > you would be now running 2 OS's. One for the virus and one for the guest.
> > > Reduced disk size - a noticeable chunk since there is another OS installed.
> > > On reboot a boot-up screen would show messages inconsistent to the guest OS,
> > > etc. Like I said nothing stealthy, in MY opinion.
> >
> > the stealthy thing as I understood it was that you are in fact not
> > running two OSes but with the virtualization technology the software
> > could at runtime of the os switch the context in which the os is
> > running.
> >
> > I have no idea how large such a thing would be, but even if it was 20
> > MB with today's HD sizes one would hardly recognize. And since it's a
> > "small" program that just hides a few processes from being found I
> > don't think that you would notice any difference.
> >
> > > So yeah I doubt that this proof of concept is anything more than a marketing
> > > speak for VM tools and somebody trying to get security paper out for self
> > > promotion.
> >
> > I desperately hope so, if not that would mean a _lot_ of spam (which
> > is the thing that imho pays off most at the moment). Consider you
> > have a running windows/linux/whatever os box and someone has a root
> > kit of that kind installed. no chance to detect it, new investments
> > for anti malware software etc.
> >
> > martin
> >
>
>
> --
> Serg
--
Serg