Hi!


Crisis malware targets virtual machines

Crisis, also known as Morcut, is a rootkit which infects both Windows and Mac OS X machines using a fake Adobe Flash Player installer. Discovered in July, the trojan OSX.Crisis targets Windows and Mac OS users and is able to record Skype conversations, capture traffic from instant messaging, and track websites visited in Firefox or Safari.
However, it has now come to light that the malware can be spread in four different environments -- including virtual machines.


It is spread through "social engineering attacks" -- in other words, it tricks a user into running a Java applet Flash installer, detects the operating system, and runs the suitable trojan installer through a JAR file. Both released .exe files open a back door, compromising the computer.
Originally, it was believed the malware could only spread on these two operating systems. However, Symantec has found a number of additional means of replication. One method is the ability to copy itself and create an autorun.inf file to a removable disk drive, another is to insinuate itself onto a VMware virtual machine, and the final way is to drop modules onto a Windows Mobile device.

Katsuki writes on the official Symantec blog:

"The threat searches for a VMware virtual machine image on the compromised computer and, if it finds an image, it mounts the image and then copies itself onto the image by using a VMware Player tool. This may be the first malware that attempts to spread onto a virtual machine."
Full story: Crisis malware targets virtual machines | ZDNet


You're thinking you are safe when running a VM?
Make sure you have a good antivirus program on both the host OS and the VM...