Virtual malware
What is it?
Worms have become increasingly aware of the virtual environment. Security researchers have long used "honeypots" to conduct research on malware. Virtualization is used to provide a controlled and easily replicable honeypot platform.
How does it work?
Malware developers have learned how to detect when their code is running in a virtualized environment and then hide themselves. The malware can identify its hosting platform as virtualized by looking for certain virtualized hardware devices identifying BIOS characteristics typical of VMs.
Should I be worried?
Currently, the known examples of virtualization-aware malware only use the platform knowledge to hide. But, the next step is to exploit the virtual infrastructure to propagate the malware.
How can I prevent it?
Virtual firewalls are essential to protecting the virtual environment by reducing the risk of initial infection and thwarting the ability of malware to propagate across virtual machines. Apply the same OS security best practices to guest VMs as are used for physical machines. This may include anti-virus software, patch management and system hardening.
