In the past few years, virtualization has become very popular. A new study by Symantec discusses the threats to virtual environments.
The study describes the new security challenges that virtual environments bring, such as network traffic that may not be monitored by services such as IDS or DLP.
The paper covers how malware behaves in a virtual environment. One example of malware that targets virtual machines is W32.Crisis. This malware doesn't exploit any specific vulnerability; instead, it takes advantage of how virtual machines are stored on the host system. Virtual machines are stored as sets of files and can be manipulated or mounted with free tools.
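Because the guest is just a set of files on the host, one host-side check is to audit who can read or write those files. The following is an added example, not taken from the Symantec study: it assumes a POSIX host, and the extension list, the `audit_vm_files` name and the sample file names are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: common VM disk/config extensions; extend for your hypervisor.
VM_EXTENSIONS = {".vmdk", ".vmx", ".vdi", ".vhd", ".vhdx", ".qcow2"}


def audit_vm_files(root):
    """Return [(path, mode_string, issues)] for VM files that users other
    than the owner can read or write."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in VM_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            issues = []
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                issues.append("writable by group/other")
            if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
                issues.append("readable by group/other")
            if issues:
                findings.append((path, stat.filemode(st.st_mode), issues))
    return sorted(findings)


def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"web01.vmdk": 0o666, "db01.vmdk": 0o600,
                   "web01.vmx": 0o644, "notes.txt": 0o666}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample, not a real disk image")
            os.chmod(path, mode)
        return [(os.path.basename(p), m, i) for p, m, i in audit_vm_files(root)]


if __name__ == "__main__":
    for name, mode, issues in demo():
        print(f"{mode} {name}: {', '.join(issues)}")
```

A disk image that other accounts can write can be modified offline, and one they can read can be copied and mounted elsewhere, so both are reported.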
The study also addresses the use of VMs as systems for malicious code analysis. For example, in some cases when malicious code detects that it is running in a virtual machine, it will send false data, such as trying to connect to its C&C with an incorrect IP address. The study shows that the amount of malware that detects VMs has increased in the past couple of years. For more reliable results, the study suggests that security researchers use physical hardware in a controlled network instead of virtual machines.
In the last section, the paper suggests best practices for securing the virtual environment.