Blog

New Malware Targets Mobile Devices and Virtual Machines

Posted by aonenetworks On August 24, 2012

Research indicates that a there is a new virus on the loose. Dubbed “Crisis,” the malware is capable of spreading to four different platforms, including Windows, Mac OSX, Windows mobile devices, and VMware virtual machines.

Crisis was first labeled exclusively a Mac Trojan that generally tracked websites and recorded emails and instant message conversations. However, Integro and Symantec have both found that the virus targets Windows and OSX users and, surprisingly, virtual machines. “This may be the first malware that attempts to spread onto a virtual machine,” Katsuki, an employee at Symantec, wrote in a blog post Monday. “Many threats will terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed, so this may be the next leap forward for malware authors.”

Crisis works by tricking computer users into installing a Java archive file that pretends to be an update to Adobe Flash. Once the virus has been installed, the malware identifies the machine’s OS and “adjusts” itself in the executable files as necessary.

Crisis then searches for a VMware virtual machine on the infected computer, and copies itself onto the image it finds using the VMware Player tool. The VMware Player tool allows for multiple operating systems to run on the same computer simultaneously. “It does not use a vulnerability in the VMware software itself,” the blog post from Symantec indicated. “It takes advantage of an attribute of all virtualization software: namely that the virtual machine is simply a file or series of files on the disk of the host machine. These files can usually be directly manipulated or mounted, even when the virtual machines is not running.”

The Windows “version” of Crisis can infect Windows phones that are connected to the computer at the time, however it cannot infect Android or iOS phones as of current.

Symantec says that they have active copies of the virus and are working on a solution currently.

 

Used with permission from Article Aggregator


    Get a Free Consultation

    Fill out the form below to get a free consultation and find out how we can make your technology hassle-free!


    Contact Information

    PHP Code Snippets Powered By : XYZScripts.com