Covert malware targets VMware shops for hypervisor-level espionage

Emerging covert malware can target VMware environments to allow criminals to gain persistent administrative access to hypervisors, transfer files, and execute arbitrary commands on virtual machines, according to VMware and Mandiant, which discovered such a software nasty in the wild earlier this year. Mandiant, the now-Google- …

  1. DougMac

    >> discovered a "never-before-seen technique" that used malicious vSphere Installation Bundles ("VIBs") to install multiple backdoors.

    Seems obvious that is how you'd need to install a backdoor on ESXi.

    One could run only with VMware signed VIBs and not allow anything else, but too bad the real world kicks in and generally any installation needs 3rd party VIBs to function in an enterprise environment.

    1. Anonymous Coward

      "One could run only with VMware signed VIBs and not allow anything else, but too bad the real world kicks in and generally any installation needs 3rd party VIBs to function in an enterprise environment."

      In all VMware production environments I have ever administered, from single hosts to the rackful, I have never had any good reason to enable unsigned VIBs. The hosts and storage are almost always from some of the bigger vendors, i.e. those that VMware has custom installation ISOs for.

      I can see a use case for trying these in a test environment for VMware flings or other stuff from reputable vendors, but beyond that?

      ...or am I just an anomalous blip and everyone else is running unsigned drivers and software in their hosts?

  2. amanfromMars 1

    Whilst Some May Dream of Elite Sanctions and Executive Exclusions, a 0Sum 0Day GamesPlay ...

    ..... A.N.Others More Magnanimous Provide Live Operational Virtual Environments ..... the Almighty Gift which just Keeps on Giving.

    One squanders and launders flash cash on the Virtual Parasite, the Other supplies such Hosts, as may be both Toasted by Supporters and Roasted by Critics alike, their Cyber Arenas with Vast Arrays of Immaculate Space Platforms in/on which to Perform and Display their Warefare.

    One doesn’t have to be a genius to realise which one makes all the money that systems and administrations are spending on trying to save money and protect prime proprietary intellectual property, whether private or public or pirate centric, but just in case those few words are discombobulating, the answer you are looking for does neither recognise nor realise the 0Day Dreamer and 0Sum GamesPlayer as a Valid Realistically Viable Infinitely Rich Cored Future Source for Past and Present Systems Enrichment.
