
Crisis Trojan Makes Its Way Onto Virtual Machines

Trailrunner7 writes "The Windows version of the Crisis Trojan is able to sneak onto VMware implementations, making it possibly the first malware to target such virtual machines. It also has found a way to spread to Windows Mobile devices. Samples of Crisis, also called Morcut, were first discovered about a month ago targeting Mac machines running various versions of OS X. The Trojan spies on users by intercepting e-mail and instant messenger exchanges and eavesdropping on webcam conversations. Launching as a Java archive (JAR) file made to look like an Adobe Flash Installer, Crisis scans an infected machine and drops an OS-specific executable to open a backdoor and monitor activity. This week, researchers also discovered W32.Crisis was capable of infecting VMware virtual machines and Windows Mobile devices."
  • by Sarten-X ( 1102295 ) on Wednesday August 22, 2012 @04:36PM (#41086229)
    Other way around: It can break into a VM from a Windows host. From TFA:

    The threat searches for a VMware virtual machine image on the compromised computer and, if it finds an image, it mounts the image and then copies itself onto the image by using a VMware Player tool.
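The propagation step quoted above (find a VMware disk image on the host, mount it, copy a file in) leaves a trace a defender can check for: a powered-off VM's disk files change on the host even though no guest was running. The script below is an added example written for this page; it is not code from the article, from VMware, or from anyone in this thread. It assumes the plain-text VMDK descriptor format (extent lines such as RW 4192256 SPARSE "disk-s001.vmdk"), treats a monolithic VMDK whose descriptor is embedded in the binary file as a single extent, and uses the presence of a *.lck entry in the VM directory as a heuristic for "VMware Workstation/Player currently has this VM open". The file names (demo.vmdk and its extents) and their contents are constructed for the demo.

```python
# Added example (not from the article or the Slashdot thread): an offline
# integrity check for a VMware VM directory, aimed at the propagation step
# quoted above (mount the VMDK, copy a file into it while the VM is off).
# Assumptions: text VMDK descriptor format; a monolithic VMDK with an
# embedded descriptor is its own single extent; a *.lck entry in the VM
# directory means VMware has the VM open. Sample files are constructed.
import hashlib
import os
import re
import tempfile

# Extent line of a VMDK descriptor: access, size in sectors, type, file name.
# ZERO extents carry no file name and are deliberately not matched.
EXTENT_RE = re.compile(
    r'^(?:RW|RDONLY|NOACCESS)\s+\d+\s+(?:SPARSE|FLAT|VMFS|VMFSSPARSE)\s+"([^"]+)"',
    re.MULTILINE,
)


def parse_descriptor(text):
    """Return the extent file names listed in a text VMDK descriptor."""
    return EXTENT_RE.findall(text)


def disk_files(vm_dir, descriptor_name):
    """Descriptor plus every extent it references, relative to vm_dir.
    A binary (monolithic) VMDK has no text descriptor at its start and is
    treated as its own only extent."""
    path = os.path.join(vm_dir, descriptor_name)
    with open(path, "rb") as fh:
        head = fh.read(64)
    files = [descriptor_name]
    if head.startswith(b"# Disk DescriptorFile"):
        with open(path, "r", errors="replace") as fh:
            files += parse_descriptor(fh.read())
    return files


def sha256_file(path):
    """Stream a (possibly multi-GB) disk file through SHA-256."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(vm_dir, descriptor_name):
    """Hash the descriptor and all extents. Take this while the VM is powered off."""
    return {name: sha256_file(os.path.join(vm_dir, name))
            for name in disk_files(vm_dir, descriptor_name)}


def vm_is_running(vm_dir):
    """Heuristic (assumption): VMware keeps a *.lck entry next to an open disk."""
    return any(entry.endswith(".lck") for entry in os.listdir(vm_dir))


def check_integrity(vm_dir, descriptor_name, baseline):
    """Names of disk files whose hash changed while the VM was not running.
    A powered-off VM cannot write its own disk, so a change here was made
    from the host side, which is exactly what the quoted propagation does."""
    if vm_is_running(vm_dir):
        return []  # the guest writes its own disk; compare again after power-off
    current = build_baseline(vm_dir, descriptor_name)
    return sorted(n for n in current if current[n] != baseline.get(n))


def demo():
    """Constructed sample: two-extent split VMDK, baseline, then a host-side write."""
    vm_dir = tempfile.mkdtemp(prefix="vmcheck_")
    descriptor = (
        "# Disk DescriptorFile\nversion=1\nCID=fffffffe\nparentCID=ffffffff\n"
        'createType="twoGbMaxExtentSparse"\n\n# Extent description\n'
        'RW 4192256 SPARSE "demo-s001.vmdk"\nRW 4192256 SPARSE "demo-s002.vmdk"\n'
    )
    with open(os.path.join(vm_dir, "demo.vmdk"), "w") as fh:
        fh.write(descriptor)
    for name in ("demo-s001.vmdk", "demo-s002.vmdk"):
        with open(os.path.join(vm_dir, name), "wb") as fh:
            fh.write(b"KDMV" + b"\x00" * 1024)  # sparse-extent magic plus a dummy body
    baseline = build_baseline(vm_dir, "demo.vmdk")
    # Simulate the threat: a write into one extent while the VM is powered off.
    with open(os.path.join(vm_dir, "demo-s002.vmdk"), "r+b") as fh:
        fh.seek(512)
        fh.write(b"dropped payload")
    return check_integrity(vm_dir, "demo.vmdk", baseline)


if __name__ == "__main__":
    print(demo())  # ['demo-s002.vmdk']
```

The baseline only means something if it was taken with the VM powered off, and re-hashing multi-gigabyte extents on every run is slow; in practice you would compare mtimes first and hash only files that moved. The lock-file heuristic is a convenience, not a security boundary: anything running as the host user can remove a *.lck entry, so a missing lock with a changed hash is a finding, never a reason to skip the check.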

  • Re:ok (Score:5, Informative)

    by EXrider ( 756168 ) on Wednesday August 22, 2012 @06:35PM (#41087803)

    It only affects Windows and Mac systems. ESXi is Linux.

    ESXi is not Linux [wikipedia.org] in and of itself; it is a Hypervisor [wikipedia.org]. ESXi boots a minimal Linux kernel, which then loads vmkernel (the hypervisor) along with some other virtualization components. After vmkernel is loaded, it takes direct control of the hardware and partitions the Linux kernel off into the first VM, with a custom BusyBox shell (compiled for vmkernel support) as the Service Console. While the vmkernel does utilize a proc filesystem and some modified Linux kmods for third-party device driver support, it in and of itself is a microkernel and does not contain nearly all of the Linux APIs. It has very few ways to communicate with the outside world, one of them being the Service Console itself. But you can literally crash (and reboot) the Service Console, or CPU-bind it completely, and have little to no effect on the other VMs running on that host.

    ESX did contain a mostly complete Linux distro that was also cast off into a guest VM after vmkernel loaded. This Service Console was based on RHEL, but they've abandoned ESX support in the latest versions of their hypervisor releases and it will eventually be EOL [vmware.com].
