Crisis Financial Malware Spreads Via Virtual Machines

Mousey

Malicious code, disguised as a VeriSign-approved Adobe Flash installer, affects Macs, Windows PCs, and Windows Mobile devices.

By Mathew J. Schwartz InformationWeek
August 21, 2012 09:02 AM
The recently discovered Crisis financial malware can spread using capabilities built into VMware virtual machines.

Also known as Morcut, the malicious rootkit--spread via an installer that's disguised as an Adobe Flash Player installer--was first discovered last month by antivirus vendor Kaspersky, which found it targeting Apple OS X systems. But the installer, which is a Java archive (a.k.a. JAR) file--dubbed Maljava by Symantec--that claims to have been signed by VeriSign, also includes the ability to infect Windows machines with the Crisis rootkit.


"The JAR file contains two executable files for both Mac and Windows. It checks the compromised computer's [operating system] and drops the suitable executable file," said Takashi Katsuki, a software engineer at Symantec Security Response, in a blog post. "Both these executable files open a back door on the compromised computer." ....
 

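A triage check for the kind of installer described above, as an added example that is not part of the original post or article: it lists native executables bundled inside a JAR by their magic bytes. The entry names and the sample archive are constructed (headers only), and the cutoff of 45 separating a Mach-O universal binary from a Java class file, which share the magic `CAFEBABE`, is a heuristic.

```python
import io
import struct
import zipfile
from typing import List, Optional, Tuple

# First four bytes of thin Mach-O files (32/64-bit, both byte orders).
MACHO_THIN = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
              b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe"}
FAT_OR_CLASS = b"\xca\xfe\xba\xbe"  # Mach-O universal AND Java .class


def classify(head: bytes) -> Optional[str]:
    """Return the native executable type for a file header, or None."""
    if head[:2] == b"MZ":
        return "pe"  # DOS/PE stub; a text file starting with "MZ" also matches
    if head[:4] in MACHO_THIN:
        return "mach-o"
    if head[:4] == FAT_OR_CLASS and len(head) >= 8:
        # Bytes 4-7 hold the architecture count in a universal binary, but
        # minor/major version in a class file (major version is 45 or more).
        if struct.unpack(">I", head[4:8])[0] < 45:
            return "mach-o-universal"
    return None


def scan_jar(data: bytes) -> List[Tuple[str, str]]:
    """List (entry name, type) for every native executable in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            with jar.open(info) as entry:
                kind = classify(entry.read(8))
            if kind:
                findings.append((info.filename, kind))
    return findings


def build_sample_jar() -> bytes:
    """Constructed sample with hypothetical entry names; no real code inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Installer.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x34")
        jar.writestr("payload_win", b"MZ\x90\x00" + b"\x00" * 60)
        jar.writestr("payload_mac", b"\xca\xfe\xba\xbe\x00\x00\x00\x02")
    return buf.getvalue()
```

A legitimate Flash installer delivered as a JAR has no reason to carry both a Windows and a Mac executable, so any finding here is worth escalating for analysis.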