Malware for Windows Sneaks onto Virtual Machines

Posted: 06/09/2012 in antivirus, Cyber Crime, Geek Stuff, Hacking, malware, Windows

Caintech.co.uk

The Windows version of Crisis, a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec. The installer was actually a Java archive (JAR) file which had been digitally signed by VeriSign.

Crisis is distributed via social engineering attacks that trick users into running a malicious Java applet. The applet identifies the user’s OS (Windows or Mac OS X) and executes the corresponding installer.

“The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device,” Symantec explained in a blog post.

Malware authors are putting significant efforts into making sure that new variants of their Trojan programs are not detected by antivirus products when they are released. Also, the threat is capable of spreading to Windows Mobile devices by dropping modules onto devices connected to compromised Windows computers, but does not affect Android or iPhone devices.

However, the Symantec researchers don’t know what these modules do yet. “We currently do not have copies of these modules and hence we are looking for them so we can analyze them in greater detail,” Katsuki said.

If you are the intended target, it’s very important that you have good security measures.
