With growth of cloud service , virtual machine become widely deployed. Nowadays, security issue was most concern when employ cloud service. Recently, Symantec has announced malware analysis report about Crisis. The most interesting thing is that Crisis can propagate though VMware, and this can be a good example of security issue of cloud service.
The only function demo by Crisis is copy it self into VM by VMware player tool. However with power of VMI technique proposed by many academic work, Mlaware can do almost everything from stealing information, killing Anti-Virus to invoking new process outside the VM. Due to this "out-of-box" character, system inside VM has no direct way to detect this kind of attack.
To raise this kind of attack, hacker should first get control of VMM. This can be done by misconfiguration of VM server, by insider attack, or some vulnerability of VM system(like vulnerability in Xen driver). Although attack to VM server is not an easy job, it still introduce a new attack vector that worthy to research in the future.
[1] Symantec Crisis Analysis Report
沒有留言:
張貼留言