Imagine a warehouse. That warehouse has a lot of stuff you might need access too, but you don’t really want to be digging around in there yourself. Additionally, there is a shed behind the warehouse, and a separate warehouse far away that might contain your stuff.

Instead of directly interacting with the warehouse, you have a receptionist that will happily tell you what is in the warehouse, shed, and remote warehouse, and go fetch it for you. You don’t care about what happens behind the scenes, and can treat the receptionist as your own unified mini-warehouse.

In more concrete terms: A virtual file system is an abstraction for a more physical file system. It’s a standardized method for interacting with different file systems in a simple manner, so you don’t really have to worry about how the warehouse is orginized, how the shelves are labelled, if it’s in this building or the building next door, or if it’s even a warehouse at all. All you care about is asking “I want my files” and the virtual file system will handle the actual details for you, fetching you your files no matter what filesystem is *actually* running on the system.

In the context of what they’re talking about, it works kind of like how a virtual machine does, so I’ll start there:

A virtual server is a really big file that, when opened by a virtualization program, runs as if it were a separate server from the host that it’s running on. If you create files, this is stored as data within the file.

The file itself holds space for the “hard drives” of the server.

These “hard drives” are, themselves, virtual file systems, in the sense of the red paper: The virus in question creates a set of encrypted files that can be used by the rootkit to host exploit files on the infected machine for staging/whatever; these files are typically invisible to the user of the infected machine, but hold space for the rootkit’s controller to hold stuff for him on that infected machine.

Without reading the redpaper in depth (it’s late, I’m tired) I can’t go into too much specifically, but in this context that’s what they’re referring to: A file that, when accessed by the right program, behaves like a miniature version of how you interact with a hard drive normally.