Threats to virtual environments
In the past few years the virtualization concept becomes very popular. A new study by Symantec [1] discussed the threats to the virtual environment and suggests the best practice to minimize the risk.
The study show the new security challenges with the virtual environment, threats such as that the network traffic may not be monitored by services such as IDS or DLP. Â Â Â
The paper covers how malware behave in virtual environment . One example of malware that target virtual machines is W32.Crisis .This malware doesnâ??t exploit any specific vulnerability , basically it take the advantage of how the virtual machines are stored in the host system. Virtual machine is stored as a set of files on the storage and it can be manipulated or mounted by free tools.
The study address using VMs as a system for malicious code analysis, for example in some cases when a malicious code detects thatâ??s its running in a virtual machine it will send a false data such as trying to connect to C&C with wrong IP. Â The study show that the number of malware that detect Vmware has been increased in the past couple years. For more reliable results the study suggests that security researcher should use physical hardware in controlled network instead of virtual machines. Â
In the last section of the paper it suggest the best practice to secure the virtual environment.
1 http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/threats_to_virtual_environments.pdf
Comments