Crisis Financial Malware Spreads Via Virtual Machines

Security experts say this is the first known malware that attempts to propagate by virtual machines.

InformationWeek: Security experts have issued warnings about new malware that appears to be a signed Adobe Flash player installer. The rootkit, known as Crisis, Morcut or Maljava, is a Java archive (JAR) file that can attack both Windows and OS X systems.

According to Symantec's Takashi Katsuki, "The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device." The VMware attack vector is unique; Symantec says this is the first piece of malware it has seen that tries to propagate by virtual machine. Katsuki explained, "[Crisis] takes advantage of an attribute of all virtualization software: namely, that the virtual machine is simply a file or series of files on the disk of the host machine. These files can usually be directly manipulated or mounted, even when the virtual machine is not running."

Tags: Java, security, malware, virtual machine

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.