Todd Ignasiak, Altor Networks
December 04, 2008
Update

Virtual malware

What is it?

 

 

 

Worms have become increasingly aware of the virtual environment. Security researchers have long used "honeypots" to conduct research on malware. Virtualization is used to provide a controlled and easily replicable honeypot platform.

How does it work?

Malware developers have learned how to detect when their code is running in a virtualized environment and then hide themselves. The malware can identify its hosting platform as virtualized by looking for certain virtualized hardware devices identifying BIOS characteristics typical of VMs.

Should I be worried?

Currently, the known examples of virtualization-aware malware only use the platform knowledge to hide. But, the next step is to exploit the virtual infrastructure to propagate the malware.

How can I prevent it?

Virtual firewalls are essential to protecting the virtual environment by reducing the risk of initial infection and thwarting the ability of malware to propagate across virtual machines. Apply the same OS security best practices to guest VMs as are used for physical machines. This may include anti-virus software, patch management and system hardening.
From the December 2008 Issue of SCMagazine »
Similar Articles
close

Next Article in News

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.