Comments on: VMWare Rootkits, The Next Big Threat? http://www.darknet.org.uk/2006/03/vmware-rootkits-the-next-big-threat/ Ethical Hacking, Penetration Testing & Computer Security Wed, 19 Nov 2008 23:25:41 +0000 http://wordpress.org/?v=2.6.3 By: Alfred http://www.darknet.org.uk/2006/03/vmware-rootkits-the-next-big-threat/#comment-99982 Alfred Sat, 19 Jan 2008 11:26:46 +0000 http://www.darknet.org.uk/2006/03/vmware-rootkits-the-next-big-threat/#comment-99982 I think they talked about this on sploitcast.com. I think they talked about this on sploitcast.com.

]]> By: Duo http://www.darknet.org.uk/2006/03/vmware-rootkits-the-next-big-threat/#comment-193 Duo Sat, 18 Mar 2006 02:57:06 +0000 http://www.darknet.org.uk/2006/03/vmware-rootkits-the-next-big-threat/#comment-193 Verdasys (Ver-day-sis) http://www.verdasys.com/ They're developing a mutli-layer* rootkit. The administrator would install it just as he would with any piece of software and once the administrator gives the agent a server IP Address it completely hides its self. Removes all executables, install directories, processes and their IDs. It's really quiet amazing. It also sends information back to the server on a timer (admin configured) and the information is displayed in either HTML, TXT or the programs own interpeter to display what applications have been running, what ports, etc. In the version I watched in use had features such as VNC. When we were reviewing the AIM statistics it also logged who had been talked to, their conversations, etc. I was impressed. *Multi-layer refers to the low/high level of the kernel and other functions of the processor. The different rings, if that makes sense. Verdasys (Ver-day-sis)
http://www.verdasys.com/

They’re developing a mutli-layer* rootkit. The administrator would install it just as he would with any piece of software and once the administrator gives the agent a server IP Address it completely hides its self. Removes all executables, install directories, processes and their IDs. It’s really quiet amazing. It also sends information back to the server on a timer (admin configured) and the information is displayed in either HTML, TXT or the programs own interpeter to display what applications have been running, what ports, etc. In the version I watched in use had features such as VNC. When we were reviewing the AIM statistics it also logged who had been talked to, their conversations, etc. I was impressed.

*Multi-layer refers to the low/high level of the kernel and other functions of the processor. The different rings, if that makes sense.

]]> By: Alessandro Perilli http://www.darknet.org.uk/2006/03/vmware-rootkits-the-next-big-threat/#comment-96 Alessandro Perilli Mon, 13 Mar 2006 11:47:07 +0000 http://www.darknet.org.uk/2006/03/vmware-rootkits-the-next-big-threat/#comment-96 The research misses some critical implementation problems preventing this rootkit from being developed anytime soon. I have an insight of this on my blog: http://www.securityzero.com/2006/03/rootkits-powered-by-virtualization.html The research misses some critical implementation problems preventing this rootkit from being developed anytime soon.

I have an insight of this on my blog: http://www.securityzero.com/2006/03/rootkits-powered-by-virtualization.html

]]>