Symantec: Why virtual machines are a security risk

Security

by Jimmy Nicholls| 13 August 2014

Security company seeks to fix ‘misconception’ among firms.

Symantec is warning companies not to become complacent on security when using virtual machines, despite only one in five malware samples being able to detect them.

Viruses that discover they are running on virtual machines will often stop executing code, which has led some to believe they are immune from attack when using them.

Candid Wueest, threat researcher at Symantec, said: "Malware authors have realized that it is suspicious when an application detects that it is running on a VM, so they have stopped using those features in recent years.

"Malware authors want to compromise as many systems as possible, so if malware does not run on a VM, it limits the number of computers it could compromise."

Viruses sometimes do not execute immediately in order to bypass security, either waiting for a computer to restart itself, or acting after a set number of mouse clicks.

"Along with applying traditional security practices, administrators need to pay particular attention to virtual connections between guest virtual machines themselves," Wueest said.

"These connections might be invisible to traditional network security devices as they are not aware of them."

Malware samples investigated by the company showed those with the ability to detect virtual machines spiked at 28% during the start of the year, but the rate has remained fairly consistent since 2012, at around 20%.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

763 people like this.
2024 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.