OSX.Crisis: Virtual malware is an advanced threat
Symantec has reported a new piece of malware for Mac called OSX.Crisis. The Crisis malware is able to spread to four different environments: Mac, Windows, virtual machines, and Windows Mobile. It is an advanced threat not only in function, but also in the way it spreads. The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device.
In virtual environments specifically, the threat searches for a VMware virtual machine image on the compromised computer and, if it finds one, mounts the image and then copies itself onto it by using a VMware Player tool. It does not use a vulnerability in the VMware software itself. Instead, it takes advantage of an attribute of all virtualization software: the virtual machine is simply a file or series of files on the disk of the host machine. These files can usually be directly manipulated or mounted, even when the virtual machine is not running, as is the case above.
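Because the technique described above changes a disk image while the virtual machine is powered off, a host-side integrity check can surface it. The following is an added example, not part of the original article or of any Symantec or VMware tool: it hashes `.vmdk` files after shutdown and reports any that differ before the next start. The function names, the `.vmdk` filter and the use of an `<image>.lck` sibling as the "in use" marker are assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def digest(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so multi-GB images are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def powered_off_images(root):
    """Yield .vmdk files with no '<image>.lck' sibling (assumed in-use marker)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(".vmdk") and not os.path.exists(path + ".lck"):
                yield path


def baseline(root):
    """Record digests right after the virtual machines are shut down."""
    return {p: digest(p) for p in powered_off_images(root)}


def offline_changes(root, known):
    """Return (path, reason) for images altered or added while powered off."""
    return sorted(
        (p, "modified while powered off" if p in known else "new image")
        for p in powered_off_images(root) if known.get(p) != digest(p))


def demo():
    """Constructed sample: two tiny fake images, one altered after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("web.vmdk", "db.vmdk"):
            Path(root, name).write_bytes(b"constructed disk contents")
        known = baseline(root)
        Path(root, "db.vmdk").write_bytes(b"bytes written from the host")
        return [(os.path.basename(p), why) for p, why in offline_changes(root, known)]


if __name__ == "__main__":
    print(demo())
```

Run `baseline()` as part of the shutdown procedure and `offline_changes()` before the next power-on; store the baseline somewhere the host's ordinary user accounts cannot write to.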
“This may be the first malware that attempts to spread onto a virtual machine,” said Shantanu Ghosh, VP & MD, India Product Operations, Symantec. “Many threats will terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed, so this may be the next leap forward for malware authors.”
Virtualization presents organizations with tremendous opportunities, as well as some significant challenges. This transformative technology provides the basis for the convergence of mobile and cloud computing, a convergence that is rapidly changing the face of IT as it enables enterprises to consolidate resources, improve responsiveness and support business agility in a more cost-effective manner than ever before. However, security is one of the top concerns for businesses that are considering a virtualization solution. According to the India findings of the Symantec 2011 Virtualization and Evolution to the Cloud Survey, seventy-six percent listed security as a significant/extreme challenge to implementing server virtualization.