
Re: [Full-disclosure] Virtual Machine Trojans: a new type of threat?



<html><body><span style="font-family:Verdana; color:#000000; 
font-size:10pt;"><font style="font-family: Verdana;" size="2" color="#000000" 
face="Verdana">Hi,<br><br>Of
course users can install an AV inside the VM. The whole point of the
article is, how does the IT manager prevent users from downloading VMs
without permission and bringing a Trojan into the network?<br>When a user
downloads software without permission, the IT manager at least knows
that the AV installed on the host machine will very probably stop a
virus or trojan. But the AV will not be able to scan a VM.<br>And as to
the AV seeing inside the VM image, it might detect run-of-the-mill
trojans, but it will not detect specially crafted virtual machine
trojans, simply because of the low infection levels and thus lack of
recognizable patterns.<br>Did you try out ViMtruder? That's a very
simple Python script, yet no AV would detect it, of course. Now imagine
a trojan deeply embedded within the Linux operating system of the VM.<br>You 
may want to read the full article:<br><a 
href="http://www.infosegura.net/VMTthreat.html" 
target="_blank">http://www.infosegura.net/VMTthreat.html</a><br><br>Regards,<br><br>Sergio</font><br><br>
<blockquote webmail="1" style="border-left: 2px solid blue; margin-left: 8px; 
padding-left: 8px; font-size: 10pt; color: black; font-family: verdana;">
<div   >
-------- Original Message --------<br>
Subject: Re: [Full-disclosure] Virtual Machine Trojans: a new type of threat?<br>
From: Peter Ferrie &lt;peter.ferrie@xxxxxxxxx&gt;<br>
Date: Fri, April 17, 2009 2:09 pm<br>
To: full-disclosure@xxxxxxxxxxxxxxxxx<br>
<br>
&gt; When a user downloads a virtual machine from the Internet, and then<br>
&gt; runs it on his/her computer, the antivirus installed in the host machine<br>
&gt; simply does not have access to the virtual machine, so the virtual machine<br>
&gt; does not get scanned.<br>
<br>
That is simply not true.  AVs can see inside VM images, and scan the files.<br>
The user can also install the AV inside the VM, which will also see the files.<br>
<br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>

</div>
</blockquote></span></body></html>
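On the question raised in the reply above, how an IT manager can tell that users have brought virtual machines onto a host: the following is an added example, not code from this thread or from the linked article. It inventories VM disk images by file-format signature rather than by extension; the function names are hypothetical, and it reports what a file is, not whether its contents are malicious.

```python
import os

# (label, byte offset from start of file, magic bytes) for common VM image formats.
SIGNATURES = [
    ("vmdk-sparse", 0, b"KDMV"),                       # VMware hosted sparse extent
    ("vmdk-descriptor", 0, b"# Disk DescriptorFile"),  # VMware text descriptor
    ("qcow", 0, b"QFI\xfb"),                           # QEMU qcow/qcow2
    ("vhdx", 0, b"vhdxfile"),                          # Hyper-V VHDX
    ("vdi", 0x40, b"\x7f\x10\xda\xbe"),                # VirtualBox VDI (0xBEDA107F, little-endian)
    ("vhd-dynamic", 0, b"conectix"),                   # dynamic VHD keeps a footer copy at offset 0
]
TAR_MAGIC = (257, b"ustar")  # an OVA appliance is a tar archive


def classify(path):
    """Return a format label if the file looks like a VM image, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(512)
            size = os.fstat(fh.fileno()).st_size
            tail = b""
            if size >= 512:          # fixed VHD carries its footer only at the end
                fh.seek(size - 512)
                tail = fh.read(512)
    except OSError:
        return None                  # unreadable file: skip rather than abort the sweep
    for label, off, magic in SIGNATURES:
        if head[off:off + len(magic)] == magic:
            return label
    if tail.startswith(b"conectix"):
        return "vhd-fixed"
    off, magic = TAR_MAGIC
    # Plain tar files are common, so only .ova-named archives are reported here.
    if head[off:off + len(magic)] == magic and path.lower().endswith(".ova"):
        return "ova"
    return None


def find_vm_images(root):
    """Walk root and return sorted (path, label) pairs for every VM image found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            label = classify(full)
            if label:
                hits.append((full, label))
    return sorted(hits)
```
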