The folks over at SANS Internet Storm Center are pointing to a new study by Symantec that warns of threats posed by malicious code to virtual environments and warns that threats such as that the network traffic within virtual containers may not be monitored by services such as IDS or DLP.
The paper covers how malware behaves in virtual environments. Specifically, the report examines W32.Crisis, a malicious program that is known to target virtual environments. The Crisis malware doesn’t exploit any specific vulnerability, SANS notes. Rather: it takes advantage of how the virtual machines are stored in the host system to manipulate that environment for malicious purposes while escaping detection.