This reminds me of why I am wary of dual boot set-ups. Someone could write a Windows virus to attack your Linux system files, or a Linux virus to attack your Windows system files. In either case any normal antivirus software would not be running.
Not sure if that exists in real life, either.
It has been done, but pretty much just a proof of concept thing. Doesn't really make sense for a normal piece of malware, since the gains are extremely small and the code complexity quite a bit higher.
The usable lifespan of a broken disk is short enough, adding in the complexity and disk access to get the drive mounted might make it tougher to get anything off.
Do what you always ought to do with a failing disk: make an image and salvage from that. It's less stressful to do a linear read from the beginning to the end rather than copying individual files that are likely to be scattered all over the disk...
Anyway, this vm-infecting thing is hardly a big deal. It's not a break-out of the vm. I find it kinda silly that this feature is included in a generic piece of malware, given that the gains for zombie-gathering purposes are pretty small.
For hitting specific targets it could be useful (infecting VMs that get mass distributed to the cloud, or images that are used for corporate roll-out), but in a generic piece of malware? Ho humm.
PS: vm-breakouts have been done, but tend not to make it into normal malware - again, the gains aren't big enough, and it makes the vendors aware of the exploit... makes much more sense to keep such an exploit private, and use it for high-profile targets