Newest malware now able to target virtual machines?

40hz:
This just posted at Tom's Hardware (link here)

Crisis Believed to be First Malware Infecting Virtual Machines
12:20 PM - August 24, 2012 by Wolfgang Gruener - source: Symantec

Crisis, a previously detected trojan, has turned out to be much more sophisticated malware than originally described.

Instead of just infecting Macs, Crisis also infects Windows PCs as well as Windows Mobile devices and, for the first time, a VMware virtual machine. Security researchers originally believed that the malware was limited to simply monitoring the applications Adium, Firefox, Skype and MSN Messenger.

Crisis is distributed via social engineering and tricks a user into running a Java applet Flash installer. The malware then identifies the operating system and uses the respective executable file. The trojan is carried in a JAR (Java ARchive) file, which is based on the ZIP format and usually includes Java class files, metadata and resources in one file to distribute a Java application or Java libraries.

What makes Crisis interesting is that it appears to be specifically looking for virtualized environments and is therefore believed to be the first malware to spread onto a virtual machine.
--- End quote ---

Tech details can be found over at Symantec. (link here)

The threat searches for a VMware virtual machine image on the compromised computer and, if it finds an image, it mounts the image and then copies itself onto the image by using a VMware Player tool.
...
It does not use a vulnerability in the VMware software itself. It takes advantage of an attribute of all virtualization software: namely that the virtual machine is simply a file or series of files on the disk of the host machine. These files can usually be directly manipulated or mounted, even when the virtual machine is not running as is the case above.

This may be the first malware that attempts to spread onto a virtual machine. Many threats will terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed, so this may be the next leap forward for malware authors.
--- End quote ---

Just one more thing to have to start looking for. >:(
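
Since the quoted analysis turns on guest images being ordinary files on the host, one defensive response is a host-side integrity check. The following is an added example, not part of the original post or of Symantec's write-up: it hashes a powered-off guest's files and reports any that change before the next boot. The extension list, directory layout and function names are assumptions for illustration.

```python
import hashlib
import os

# Assumed set of files that make up a VMware guest (disk, config, NVRAM).
VM_EXTENSIONS = (".vmdk", ".vmx", ".nvram")

def hash_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so multi-GB disks do not fill RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(vm_dir):
    """Map each VM file under vm_dir (by relative path) to its SHA-256."""
    result = {}
    for folder, _dirs, files in os.walk(vm_dir):
        for name in files:
            if name.lower().endswith(VM_EXTENSIONS):
                full = os.path.join(folder, name)
                result[os.path.relpath(full, vm_dir)] = hash_file(full)
    return result

def compare(baseline, current):
    """Return sorted lists of modified, added and removed VM files."""
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a fake guest directory with tiny stand-in files.
    with tempfile.TemporaryDirectory() as vm_dir:
        for name, data in (("guest.vmdk", b"disk-v1"), ("guest.vmx", b"config")):
            with open(os.path.join(vm_dir, name), "wb") as handle:
                handle.write(data)
        baseline = snapshot(vm_dir)      # taken right after guest power-off
        with open(os.path.join(vm_dir, "guest.vmdk"), "wb") as handle:
            handle.write(b"disk-v2")     # simulated out-of-band write on the host
        print(compare(baseline, snapshot(vm_dir)))
```

The comparison is only meaningful while the guest is powered off, because a running guest rewrites its own disk files continuously.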

daddydave:
What makes Crisis interesting is that it appears to be specifically looking for virtualized environments and is therefore believed to be the first malware to spread onto a virtual machine.

--- End quote ---

Looks like they left out an adverbial phrase there.

Renegade:
Drunk post:
Ok. You're smart. Really smart. No, like really mother ****ing smart. No, even beyond that... Like super-mother-****ing-smart...

So why the **** do you need to be such a ****ing c**t?

There will always be douche-wads as long as there are people... I have further nothing positive to say that isn't violent and disgusting.

I hate a**holes.

daddydave:
Wow. That was to me? Okey-doke.

rgdot:
^To the person who wrote the malware

As far as the topic itself, I am not surprised and not even sure how it hasn't happened earlier....
