Full Disclosure mailing list archives

Re: Virtual Machine Trojans: a new type of threat?

From: Julio César García Vizcaíno <fuego216 () gmail com>
Date: Fri, 17 Apr 2009 23:38:20 -0500

This is a very known issue in malware testing.

The threat depends on the AV used in the host.

It would be interesting which AVs really scan the virtual machines
files.

Bye!!

El vie, 17-04-2009 a las 14:09 -0700, Peter Ferrie escribió:

When a user downloads a virtual machine from the Internet, and then
runs it on his/her computer, the antivirus installed in the host machine
simply does not have access to the virtual machine, so the virtual machine
does not get scanned.


That is simply not true.  AVs can see inside VM images, and scan the files.
The user can also install the AV inside the VM, which will also see the files.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Attachment: signature.asc
Description: Esta parte del mensaje está firmada digitalmente

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Virtual Machine Trojans: a new type of threat? sergio (Apr 17)
- Re: Virtual Machine Trojans: a new type of threat? Peter Ferrie (Apr 17)
  - Re: Virtual Machine Trojans: a new type of threat? Julio César García Vizcaíno (Apr 17)
  - Re: [inbox] Re: Virtual Machine Trojans: a new type of threat? Exibar (Apr 18)
- <Possible follow-ups>
- Re: Virtual Machine Trojans: a new type of threat? sergio (Apr 18)
- Re: Virtual Machine Trojans: a new type of threat? sergio (Apr 18)
  - Re: Virtual Machine Trojans: a new type of threat? Pavel Kankovsky (Apr 19)
    - Re: Virtual Machine Trojans: a new type of threat? Eduardo_Godinho (Apr 19)