Crisis Malware’s Attack Shows Success vis-à-vis Virtual Machines with VMware, Reports Symantec

Security experts from Symantec the anti-virus provider have said that the Intego-detected malware, 'Crisis' during July 2012, can contaminate the VM's (virtual machine) VMware pictures, detachable USB drives and Windows Mobile gadgets, through computers running Windows OS.

Also, the virus spreads through attacks based on social engineering tactics, which deceptively make end-users execute one malevolent Java applet that figures out the operating system on the infected computers. Once identified if it's Mac OS X or Windows, the applet then runs the matching malware downloader.

Takashi Katsuki, security researcher at Symantec blogged that Crisis looked for an image from a VMware on the hijacked PC followed with manipulating that image so it could replicate itself on the picture via utilizing a 'player' of the VMware, thus published symantec.com dated August 20, 2012.

And though a malware attacking VMs as with Crisis is unprecedented, Katsuki simultaneously stressed that it didn't abuse security flaws within VMware's software. Instead it targeted the method of storing virtual machines in the form of the host computer's files. The VM-representing files could normally be straight away mounted or manipulated and this could even be whilst VM isn't enabled, the researcher explained. SecurityWatch published this dated August 21, 2012.

Katsuki further explained that normally malicious programs would become inactive with the discovery of monitoring software of virtual machines namely VMware so it might escape detection. But the case of Crisis reflected a subsequent leap ahead by developers of malicious software.

And while the malware, by installing programs on detachable devices inserted inside hijacked Windows-PCs, disseminates onto Windows Mobile gadgets, it doesn't impact iPhones or Androids.

Crisis' additional abilities emphasizes that its development is pretty professional because it offers spyware, which intercepts operations on Instant Messaging (IM) clients and Web-browsers, as well as utilizes rootkits, which remain immune to reboots. All these enable the malware to capture end-users' financial data profusely.

Interestingly, Crisis' infections haven't been large. It has victimized 21 computer-owners in all and they're located in Iraq, Iran, Oman, Turkey, Tajikistan, Kyrgyzstan, Kazakhstan, Italy, Brazil and Mexico, as per Kaspersky Labs' detection whose researchers have dubbed the malicious program 'Morcut.'

Related article: Charges Against 5 Persons in E-Banking Malware Fraud

» SPAMfighter News - 8/27/2012