Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Crisis virus attempts to infect virtual machines running on VMware Workstation or Player using legitimate functionality (2033939)

Details

On August 20, 2012, Symantec published a blog post on the Crisis virus: http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines.This virus spreads to systems running Windows or Mac OS X through social engineering. Users must install a masqueraded JAR file. Once the virus is present on a Windows system, it tries to infect virtual machines that are present on the system.

The Crisis virus is capable of infecting virtual machines if it is present on a Windows system that runs VMware Workstation or VMware Player. The virus uses legitimate functionality to mount virtual machines. It does not use any vulnerabilities in VMware Workstation or Player to infect the virtual machines.

If present on Mac OS X, the Crisis virus does not attempt to infect virtual machines running in VMware Fusion.

The Crisis virus does not spread to systems running ESX/ESXi. Virtual machines that run on ESX/ESXi cannot be infected by this virus.

Solution

Windows users that run VMware Workstation or VMware Player are advised to practice good security on the host:
  • Practice safe browsing. Do not visit untrusted Web sites.
  • Do not open untrusted files downloaded from the Web.
  • Run anti-virus software and keep it up-to-date.
  • Keep current with Windows updates.

The above measures minimize the risk of introducing the Crisis virus to Windows systems.

You can use additional measures to protect virtual machines against the Crisis virus:

  • The Crisis virus cannot infect encrypted virtual machines. VMware Workstation has a feature that allows encryption of virtual machines.
  • Consider using third-party whole-disk encryption tools or Windows BitLocker Drive encryption (if available) on sensitive desktops.
  • If VMware Workstation or Player is used to create virtual machines that are later used on ESX/ESXi hosts, take care that the systems on which virtual machines are created are secure and regularly audited.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 4 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 4 Ratings
Actions
KB: