News
Symantec: Crisis Malware Has Evolved
Symantec: Crisis Malware Has Evolved
Symantec has reported that the Crisis/Morcut malware that was initially affecting Mac users has now spread to other platforms including Windows, virtual machines, and Windows Mobile. The threat uses three methods to infect other systems: Copying itself and an autorun.inf file to a USB flash drive, sneaking onto a VMware virtual machine, and finally by dropping modules onto a Windows Mobile device.
The threat searches for a VMware virtual machine image on the compromised computer and if it finds an image, it mounts the image and then copies itself onto the image by using a VMware Player tool. This malware is the first malware that attempts to spread onto a virtual machine. Many threats terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed.
Crisis/Morcut is able to record Skype conversations, capture traffic from instant messaging, and track websites visited in Firefox or Safari. Fortunately, iOS and Android users are not affected by Crisis/Morcut as these devices use Remote Application Programming Interface.
For more news on Symantec, please click here.
