Re: [Full-disclosure] Virtual Machine Trojans: a new type of threat?
- To: fuego216@xxxxxxxxx
- Subject: Re: [Full-disclosure] Virtual Machine Trojans: a new type of threat?
- From: sergio@xxxxxxxxxxxxxx
- Date: Sat, 18 Apr 2009 06:34:36 -0700
<html><body><span style="font-family:Verdana; color:#000000;
font-size:10pt;">In the case of normal, known trojans inside a virtual machine
using Windows, yes, maybe the AV in the host could find the pattern of the
trojan in the VM image before running.<br>But loading a trojan into a Linux
virtual machine and then distributing it is a very targeted attack. The attacker
has root access, and can craft the trojan in any form s/he wants. I don't see how
the AV would detect this type of custom-made trojan.<br><br>
<blockquote webmail="1" style="border-left: 2px solid blue; margin-left: 8px;
padding-left: 8px; font-size: 10pt; color: black; font-family: verdana;">
<div >
-------- Original Message --------<br>
Subject: Re: [Full-disclosure] Virtual Machine Trojans: a new type of threat?<br>
From: Julio César_García_ Vizcaíno <fuego216@xxxxxxxxx><br>
Date: Fri, April 17, 2009 9:38 pm<br>
To: Peter Ferrie <peter.ferrie@xxxxxxxxx><br>
Cc: full-disclosure@xxxxxxxxxxxxxxxxx<br>
<br>
This is a very well-known issue in malware testing.<br>
<br>
The threat depends on the AV used in the host.<br>
<br>
It would be interesting to know which AVs really scan the virtual machine<br>
files.<br>
<br>
Bye!!<br>
<br>
On Fri, 17-04-2009 at 14:09 -0700, Peter Ferrie wrote:<br>
> > When a user downloads a virtual machine from the Internet, and then<br>
> > runs it on his/her computer, the antivirus installed in the host machine<br>
> > simply does not have access to the virtual machine, so the virtual machine<br>
> > does not get scanned.<br>
> <br>
> That is simply not true. AVs can see inside VM images, and scan the files.<br>
> The user can also install the AV inside the VM, which will also see the files.<br>
> <br>
> _______________________________________________<br>
> Full-Disclosure - We believe in it.<br>
> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html"
target="_blank"
mce_href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
> Hosted and sponsored by Secunia - <a href="http://secunia.com/"
target="_blank" mce_href="http://secunia.com/">http://secunia.com/</a><br>
</div>
</blockquote></span></body></html>