Crisis Financial Malware Spreads Via Virtual Machines

Tuesday Aug 21st 2012 by Datamation.com Staff
Share:

Security experts say this is the first known malware that attempts to propagate by virtual machines.

InformationWeek: Security experts have issued warnings about new malware that appears to be a signed Adobe Flash player installer. The rootkit, known as Crisis, Morcut or Maljava, is a Java archive (JAR) file that can attack both Windows and OS X systems.

According to Symantec's Takashi Katsuki, "The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device." The VMware attack vector is unique; Symantec says this is the first piece of malware it has seen that tries to propagate by virtual machine. Katsuki explained, "[Crisis] takes advantage of an attribute of all virtualization software: namely, that the virtual machine is simply a file or series of files on the disk of the host machine. These files can usually be directly manipulated or mounted, even when the virtual machine is not running."

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved