Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crisis Trojan Makes Its Way Onto Virtual Machines

Posted by Soulskill on from the virtual-security dept.

Trailrunner7 writes "The Windows version of the Crisis Trojan is able to sneak onto VMware implementations, making it possibly the first malware to target such virtual machines. It also has found a way to spread to Windows Mobile devices. Samples of Crisis, also called Morcut, were first discovered about a month ago targeting Mac machines running various versions of OS X. The Trojan spies on users by intercepting e-mail and instant messenger exchanges and eavesdropping on webcam conversations. Launching as a Java archive (JAR) file made to look like an Adobe Flash Installer, Crisis scans an infected machine and drops an OS-specific executable to open a backdoor and monitor activity. This week, researchers also discovered W32.Crisis was capable of infecting VMware virtual machines and Windows Mobile devices."

2 of 49 comments (clear)

  1. Re:err, A virtual machine is not a machine? by Sarten-X · · Score: 5, Informative
    Other way around: It can break into a VM from a Windows host. From TFA:

    The threat searches for a VMware virtual machine image on the compromised computer and, if it finds an image, it mounts the image and then copies itself onto the image by using a VMware Player tool.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  2. Am I the first to make this joke? by gman003 · · Score: 5, Funny

    So as it turns out, yes, VMWare can run Crysis. Er, Crisis.