Malware Writers Eye Virtual Servers

"You can follow best practices on all of your virtual machines. But at the end of the day, you're putting a lot of trust in the virtual machine platform layer itself," Debenedette says. "This layer also called the hypervisor, the virtual kernel or virtual machine monitor sits between the hardware Relevant Products/Services and all its device drivers, including the operating system, which puts it in a very authoritative position."

Security watchers have not confirmed any exploits at this layer; but virtual-machine-aware malware, such as RedPill, and virtual-machine rootkits, such as BluePill, are common. Debenedette rightfully frets about this new platform layer: It's a vector into which virtual-machine malware writers are trying to break, experts say.

In this virtual environment, effective security best practices are sorely needed. In addition to physical machines, virtual machines must be managed and secured. Network defenses must be tuned to watch for rogue traffic on them. And the virtual-machine layer must be built safely and defended from up-and-coming forms of attackware. NewsFactor Network | Malware Writers Eye Virtual Servers

Linked by shanmuga Sunday, 9th September 2007 7:08AM