SYMANTEC: malicious programs invade into virtual hosts

Symantec recently discovered that it could span both Microsoft and Mac operating systems. crisis will also launch attacks against VMware virtual hosts, which is the first malicious program to launch attacks against virtual hosts.

Symantec said the OSX. the Crisis malicious program itself has a JAR file that can be used to execute activities in both Microsoft and Mac operating systems. Such execution files can automatically detect the server environment, if the server has another virtual host, the malicious program will look for the VMware image file and use the VMware Player Tool to open the virtual host to implant the malicious program.

Symantec pointed out that many anti-virus software will perform sandbox detection in virtual environments to improve detection efficiency. In the past, malicious programs have detected virtual environments in the operating system to avoid detection of anti-virus software, the action is stopped to hide its traces. However, OSX. Crisis is the first malicious program that tries to replicate and infect other virtual environments.

According to Symantec's observation, This OSX. crisis malware originally entered the enterprise's internal network through social engineering. They can record Skype sessions and instant communication conversations between MSN and green ducks, you can also steal records from Safari and Firefox, or connect them to the Central Control Host of the slave network.

To prevent the spread of such malicious programs, Symantec said that enterprises can first check whether the virtual host and the physical server must share the network, first cut off unnecessary network connections; in addition, the malicious program can be copied through USB to prevent Autorun functions of all external storage devices. To ensure the security of virtual hosts, we recommend that you install anti-virus software on the Guest OS of each virtual host.