Thursday, April 23, 2009

Virtualization Security? Virtual Machine Trojans are here.


We all know the technologies that exist today to secure infrastructure from Trojans. Currently available technologies will protect your infrastructure if anti-malware or anti-virus software is installed on your machine.

But what if someone downloads a virtual machine (VM) image directly from the Internet onto your IT infrastructure? There is no way that security software installed on your machine will be able to recognize a threat inside your VM image, as your security software may not be able to dig into the VM image or may not have access to the VM image (that you have booted). Hence a Trojan inside your virtual machine will never get scanned or caught.

A Virtual Machine Trojan (ViMtruder) comes embedded inside a virtual machine image. You can read an article detailing the threat of virtual machine Trojans at www.infosecgura.net.

ViMtruder has a client/server architecture. The client is installed inside the virtual machine, and the control server machine sits somewhere on the Internet. The client runs automatically when the VM image boots up and periodically tries to contact the control server on the Internet using outbound port 80 (the HTTP port). Note that HTTP port 80 is generally open under most firewall policies. The threat is that once the ViMtruder client connects to the control server, it can scan the network infrastructure where the VM image is booted. Many other attacks on the network infrastructure could also be possible.

You can download POC (Proof-Of-Concept) code from code.google.com.

So the next time you download a virtual machine image from the Internet, make sure you download it from a trusted source. Install and boot it first in an isolated network environment (maybe I am too paranoid) and make sure it is clean of such threats.
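One way to check for the periodic outbound port 80 contact described above while the image runs in the isolated network, as an added example that is not part of the original post or the ViMtruder POC. The flow-log format, the thresholds and the function names are assumptions, and the log lines are constructed samples.

```python
"""Flag periodic outbound port-80 connections seen while a downloaded VM image
boots in an isolated network. Log format and thresholds are assumptions."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: "<epoch seconds> <guest ip> <dest ip> <dest port>"
SAMPLE_FLOWS = """\
1000 10.0.0.5 203.0.113.10 80
1012 10.0.0.5 198.51.100.7 80
1300 10.0.0.5 203.0.113.10 80
1345 10.0.0.5 198.51.100.7 80
1500 10.0.0.5 198.51.100.7 80
1601 10.0.0.5 203.0.113.10 80
1603 10.0.0.5 198.51.100.7 443
1899 10.0.0.5 203.0.113.10 80
2200 10.0.0.5 203.0.113.10 80
2950 10.0.0.5 198.51.100.7 80
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue
        yield int(parts[0]), parts[1], parts[2], int(parts[3])

def find_periodic_http(flows, min_events=4, max_jitter=0.1):
    """Return {(src, dst): mean interval} for port-80 pairs whose gaps between
    connections are near-constant (stdev / mean <= max_jitter)."""
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 80:
            times[(src, dst)].append(ts)
    suspects = {}
    for pair, stamps in times.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            suspects[pair] = avg
    return suspects

if __name__ == "__main__":
    for (src, dst), interval in find_periodic_http(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src} -> {dst}:80 roughly every {interval:.0f}s")
```

A freshly booted image that has no reason to reach the Internet should produce no such pairs; a client that randomizes its interval would need a looser `max_jitter` or a different test.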

IMO, there could be serious implications of this, considering the wide spread of cloud computing and the virtualization technologies that are being used with cloud computing.

