Have a suggestion?

Click here to suggest a blog item.

Newsletters Archive

Catch up with DonationCoder by browsing our past newsletters, which collect the most interesting discussions on our site: here.

Editorial Integrity

DonationCoder does not accept paid promotions. We have a strict policy of not accepting gifts of any kind in exchange for placing content in our blogs or newsletters, or on our forum. The content and recommendations you see on our site reflect our genuine personal interests and nothing more.

Latest News

July 19, 2022
Software Update

Jan 3, 2022
Event Results

May 13, 2020
Software Updates

Mar 24, 2020
Mini Newsletter

Dec 30, 2019
Software Updates

Jan 22, 2020
Software Updates

Jan 12, 2020
Newsletter

Jan 3, 2020
Event Results

Jan 2, 2020
Software Updates

Dec 30, 2019
Software Updates

April 27, 2019
Software Updates

Feb 26, 2019
Software Updates

Feb 23, 2019
Software Updates

Feb 14, 2019
Software Updates

Jan 6, 2019
Event Results

Dec 2, 2018
Software Updates

Nov 13, 2018
Software Releases

July 30, 2018
Software Updates

June 24, 2018
Software Updates

June 6, 2018
Software Updates

Apr 2, 2018
Fundraiser Celebration

Apr 2, 2018
Software Updates

Feb 24, 2018
Software Updates

Jan 14, 2018
Major Site News

Jan 10, 2018
Event Results

Latest Forum Posts
May we recommend..
Jibz's Software
Jibz's Software image

Jibz is one of the very earliest and dearest members of DonationCoder, and he helped hammer out the ideas behind the site.

  • Number of programs available: 3+
  • Last updated: 2015
  • Visit Jibz's website to browse his apps and download them here: http://www.dcmembers.com/jibsen.
  • Visit Jibz's section on our forum: here.

Read more…

Our daily Blog

This page spotlights the most interesting posts collected from our forum every day.

You are viewing a specific blog item. Click here to return to the main blog page.

Newest malware now able to target virtual machines?

blog clipart
This just posted at Tom's Hardware (link here)

Crisis Believed to be First Malware Infecting Virtual Machines
12:20 PM - August 24, 2012 by Wolfgang Gruener - source: Symantec

Crisis, a previously detected trojan, has turned out to be much more sophisticated malware than originally described.

Instead of just infecting Macs, Crisis also infects Windows PCs as well as Windows Mobile devices and, for the first time, a VMware virtual machine. Security researchers originally believed that the malware was limited to simply monitoring the applications Adium, Firefox, Skype and MSN Messenger.

Crisis is distributed via social engineering and tricks a user into running a Java applet Flash installer. The malware then identifies the operating system and uses the respective executable file. The trojan is carried in a JAR (Java ARchive) file, which is based on the ZIP format and usually includes Java class files, metadata and resources in one file to distribute a Java application or Java libraries.

What makes Crisis interesting is that it appears to be specifically looking for virtualized environments and is therefore believed to be the first malware to spread onto a virtual machine.

Tech details can be found over at Symantec. (link here)

The threat searches for a VMware virtual machine image on the compromised computer and, if it finds an image, it mounts the image and then copies itself onto the image by using a VMware Player tool.
.
.
.
It does not use a vulnerability in the VMware software itself. It takes advantage of an attribute of all virtualization software: namely that the virtual machine is simply a file or series of files on the disk of the host machine. These files can usually be directly manipulated or mounted, even when the virtual machine is not running as is the case above.

This may be the first malware that attempts to spread onto a virtual machine. Many threats will terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed, so this may be the next leap forward for malware authors.

Just one more thing to have to start looking for. >:(

Continue reading the rest of the entry and discuss..

posted by 40hz donate to 40hz
(permalink) (read 19 comments)


Share on Facebook
submit to reddit