Most Malware Now Runs On Virtual Machines Too


In the past, most forms of malware would not run on virtual machines, which was a way to avoid detection and study. That now seems to be changing, however. Jeremy Kirk reports at Computerworld on how malware has changed its tactics and why malware producers are now interested in infecting VMs.

To understand the reasoning behind wanting to infect VMs, you only need to understand that most malware is created to infect as many users and environments as possible. If there’s a limitation that the malware won’t run on VMs, that greatly limits the potential for infection. This is particularly true with VMs becoming more typical in many businesses’ infrastructure.

Instead of ceasing operations on VMs, malware now is being produced with the goal of moving from a virtual machine to its host server, which could then give it access to many more environments.

Malware is typically easy to detect if it begins executing immediately after being downloaded, however. So, to avoid detection on VMs, malware comes with a delay. Before decrypting and launching its payload, the malware waits a few minutes, or until the user has made a specified number of left mouse clicks. This is usually enough time for security programs to label the file as harmless and move on.
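The delay tactic described above can be checked for in sandbox output. The following is an added example, not code from the article or from any vendor: it treats a run that showed no payload behaviour but requested long sleeps or repeatedly polled the left mouse button as inconclusive rather than harmless. The event names, traces and thresholds are assumptions constructed for illustration.

```python
# Added example: flag sandbox runs where a sample stalled instead of acting.
# The event schema and thresholds are assumptions, not a real sandbox format.

CLICK_POLL_LIMIT = 50  # assumed: left-button polls that suggest click-gating

# Constructed traces: (event kind, value); for "sleep" the value is seconds.
TRACE_DELAYED = [("sleep", 120), ("sleep", 120), ("sleep", 60)]
TRACE_CLICK_GATED = [("poll_left_button", 0)] * 200
TRACE_BENIGN = [("file_read", 0), ("sleep", 1), ("window_create", 0)]
TRACE_DETONATED = [("sleep", 2), ("payload_activity", 0)]


def assess(trace, window_s=120):
    """Return (verdict, reasons) for one sandbox run of window_s seconds."""
    slept = 0
    polls = 0
    for kind, value in trace:
        if kind == "payload_activity":
            # The payload ran inside the window; normal scoring applies.
            return "observed", []
        if kind == "sleep":
            slept += value
        elif kind == "poll_left_button":
            polls += 1
    reasons = []
    if slept >= window_s:
        # The sample asked to sleep past the end of the analysis window.
        reasons.append("long_sleep")
    if polls >= CLICK_POLL_LIMIT:
        # The sample kept waiting for user clicks that never came.
        reasons.append("click_gate")
    # A quiet run with stalling is not evidence that the file is harmless.
    return ("inconclusive" if reasons else "no_behaviour"), reasons


if __name__ == "__main__":
    for name, trace in [("delayed", TRACE_DELAYED),
                        ("click-gated", TRACE_CLICK_GATED),
                        ("benign", TRACE_BENIGN),
                        ("detonated", TRACE_DETONATED)]:
        print(name, assess(trace))
```

An inconclusive verdict is a cue to re-run the sample with a longer window or simulated user input instead of releasing the file.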

Over the past two years, security firm Symantec studied 200,000 samples of malware and found that only 18 percent stopped working on a virtual machine. While this does introduce the possibility of malware spreading from VMs to servers, it also creates an opportunity for researchers. Now, they’ll be able to study malware in a detached environment.

Unfortunately, since 18 percent of malware still disappears on a virtual machine, physical hardware is still needed to be sure that all infections are found.


August 13th, 2014