dcsimg

Crisis Financial Malware Spreads Via Virtual Machines

Security experts say this is the first known malware that attempts to propagate by virtual machines.

WEBINAR:
On-Demand

How to Help Your Business Become an AI Early Adopter


InformationWeek: Security experts have issued warnings about new malware that appears to be a signed Adobe Flash player installer. The rootkit, known as Crisis, Morcut or Maljava, is a Java archive (JAR) file that can attack both Windows and OS X systems.

According to Symantec's Takashi Katsuki, "The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device." The VMware attack vector is unique; Symantec says this is the first piece of malware it has seen that tries to propagate by virtual machine. Katsuki explained, "[Crisis] takes advantage of an attribute of all virtualization software: namely, that the virtual machine is simply a file or series of files on the disk of the host machine. These files can usually be directly manipulated or mounted, even when the virtual machine is not running."




Tags: Java, security, malware, virtual machine


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 

IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.





×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.