[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Virtual Machine Trojans: a new type of threat?
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Virtual Machine Trojans: a new type of threat?
- From: sergio@xxxxxxxxxxxxxx
- Date: Fri, 17 Apr 2009 11:04:59 -0700
<html><body><span style="font-family:Verdana; color:#000000;
font-size:10pt;"><div id="wikicontent" style="padding: 0pt 3em 1.2em 0pt;">
<div>Normal
trojans are a known threat, and we know how to mitigate them. But what
about virtual machine trojans? This is a proof-of-concept Virtual
Machine Trojan Visit www.infosegura.net/vimtruder.html for
details.</div><div><br> </div><div>Normal trojans are a known threat, and
we know how to mitigate them. But what about virtual machine trojans? A
VMT comes embedded within a virtual machine. When a user downloads a
virtual machine from the Internet, and then runs it on his/her
computer, the antivirus installed in the host machine simply does not
have access to the virtual machine, so the virtual machine does not get
scanned.</div><div><br> </div><div>ViMtruder
consists of a client which is installed within a virtual machine, and a
control server, which sits in a host on the Internet. The virtual
machine, running Linux, is configured to automatically run the VMT
client in the background upon boot up. The VMT tries periodically to
contact the control server through the Internet using port 80 outbound.
Once the control server links with the VMT, you can send it Nmap
commands to scan the target LAN where the VMT is connected. </div>
</div></span></body></html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/