Sign in with
Sign up | Sign in
Your question
Closed

Crisis Believed to be First Malware Infecting Virtual Machines

Last response: in News comments
Share
August 24, 2012 4:27:25 PM

Well that sucks! It's going to be hard to get a handle on that one, just add one more JAVA exploit to the list.
Score
11
Related resources
Can't find your answer ? Ask !
August 24, 2012 4:30:22 PM

now, can it run crysis?
Score
16
August 24, 2012 4:38:21 PM

LOL @ "infecting MACs". Yeah, I've heard this one before.,.."MACs don't get viruses"...
Score
22
August 24, 2012 4:48:52 PM

myllocnow, can it run crysis?

It runs on Crysis.
Score
10
Anonymous
August 24, 2012 4:54:31 PM

Now, I see that it can infect VMs through the host, but is the reverse true? Can the host be infected by a virus through the VM?
Score
0
August 24, 2012 4:55:29 PM

Java is malware by itself.
Score
11
August 24, 2012 5:03:57 PM

Quote:
Now, I see that it can infect VMs through the host, but is the reverse true? Can the host be infected by a virus through the VM?


Excellent question... I expect we'll here more about this in a couple months (after it does some real damage). Just cuz they found one variant doesn't mean the threat is over... Just means they've identified one new family of threats to keep an eye one.
Score
2
August 24, 2012 5:09:45 PM

This is why I keep most of my machines of the net from now on, second those bloated windows updates grrr.
Score
-5
August 24, 2012 5:37:24 PM

M1A1DNow, I see that it can infect VMs through the host, but is the reverse true? Can the host be infected by a virus through the VM?
Yes - in theory. The closest I've heard of is an exploit against the Xbox 360 VM which allowed virtualized software (most everything on the console) to get access to the hardware. But it was only used by some hackers to install Linux on it.
Score
1
August 24, 2012 5:43:28 PM

That's why I use Noscript with Java disabled.
Score
0
August 24, 2012 5:48:40 PM

You guys hate Java?, and if you do, why?
Score
0
August 24, 2012 6:08:03 PM

nforce4maxThis is why I keep most of my machines of the net from now on, second those bloated windows updates grrr.


So you keep most of your machines from the net because things are "distributed via social engineering and tricks a user into running a Java applet Flash installer."? I take it you don't have a phone either because someone keeps tricking you into sending money to a prince in india? You can turn off windows updates btw. Though you should keep installing the security patches.
Score
1
August 24, 2012 6:10:32 PM

I guess an encrypted VM volume would prevent this from happening?
Score
0
August 24, 2012 7:09:19 PM

lol I just read the Crysis 3 article then I was like WTF since when is Crysis malware?
Score
6
August 24, 2012 8:34:41 PM

HiiiYou guys hate Java?, and if you do, why?


Did you read the article?

"Crisis is distributed via social engineering and tricks a user into running a Java applet Flash installer."

Java is a security risk, and Flash is even worse. It's not a matter of "hating Java", it's a matter of caring about security when you connect to the internet.

;) 
Score
1
August 24, 2012 9:02:41 PM

"Cloud computing is the future"

And so are the new breeds of malware...
Score
0
August 24, 2012 9:06:53 PM

Marcus52Did you read the article?"Crisis is distributed via social engineering and tricks a user into running a Java applet Flash installer."Java is a security risk, and Flash is even worse. It's not a matter of "hating Java", it's a matter of caring about security when you connect to the internet.


Now, don't put java and flash in the same bracket.
Many people seems to confuse java with javascript, which are two completely separate things.
For example, when it is said that the chrome browser is really fast for java, it is really implicated to mean that it is fast for javascript, not Java the language.
Most security risks come from javascript, the java language isn't nearly as common as javascript on the web.
And the so often nagging "update java" from oracle that have you update java manually has nothing to do with the javascript that many people really think is java.
And in this exploit there is a third thing, java-applet, which is based on java the language, not javascript.

Somebody else talked about using "noscript" to block java. I don't use noscript, but isn't that blocking javascript and not java? Or is it blocking both?
Score
2
August 24, 2012 11:39:57 PM

Marcus52Did you read the article?"Crisis is distributed via social engineering and tricks a user into running a Java applet Flash installer."Java is a security risk, and Flash is even worse. It's not a matter of "hating Java", it's a matter of caring about security when you connect to the internet.


I did not, thank you for the answer.
Score
0
August 25, 2012 12:08:30 AM

Sad. but now they know that it can happen and now start the hunt instead of the "phantom if". As for windows updates please tell me you are getting the security updates at least, an updated Windows is hard to get into. @in_the_loop thanks for posting that early.
That said I hate all the Java & Flash exploits.
Score
0
August 25, 2012 2:22:33 AM

nforce4maxThis is why I keep most of my machines of the net from now on, second those bloated windows updates grrr.

You know that those Windows Updates that you hide from patch and fix security holes and vulnerabilities that popup. Staying away from them just makes your computer more vulnerable for that one day that you do put them online.
Score
0
August 25, 2012 2:23:34 AM

I read that as Crysis...my bad...
Score
0
August 25, 2012 12:55:46 PM

Those Windows Updates usually come AFTER a threat has exploded and inflected millions of users already. But at least Microsoft tries to get the fix out as fast as possible. Adobe blatantly lets security holes stay unfixed for months on end, that's why I hate them. The last few viruses I've gotten have all been from Flash or Adobe's PDF Reader.
Score
0
!