Welcome!

Linux Authors: Katharine Hadow, Hovhannes Avoyan, Anatoly Krivitsky, Pat Romanski, Suresh Krishna Madhuvarsu

Related Topics: Cloud Expo

Cloud Expo: Article

Cloud Security: Introducing The Virtual Machine Trojan

Introducing The Virtual Machine Trojan
By Reuven Cohen
Article Rating:
April 21, 2009 10:00 AM EDT
Reads:
 532

Sergio Castro has released a functional, open source Virtual Machine Trojan called ViMTruder. I've held off a few days before posting this news. I wasn't sure if helping spread the news would do more harm then good but, several other blogs have picked up the story, so why not.

So what is a Virtual Machine Trojan? According to Castro virtual machine trojans are seemingly benign virtual machine you download from the Internet contains a trojan. The objective of the trojan is to remotely take control of the machine for nefarious purposes: steal information, send spam, conduct click fraud, stage denial of service attacks within a botnet, etc.

ViMtruder is written in Python and consists of a client which is installed within a virtual machine, and a control server, which sits in a host on the Internet. The virtual machine, running Linux, is configured to automatically run the VMT client in the background upon boot up. The VMT tries periodically to contact the control server through the Internet using port 80 outbound. Once the control server links with the VMT, you can send it Nmap commands to scan the target LAN where the VMT is connected.


The types of attacks a VMT can execute are different than a normal trojan. The VMT does not have access to the host machine; rather, it has access to the local network. Therefore, a VMT can be programmed to do the following:

1) Sniff traffic in the local network
2) Actively scan the local network to detect machines, ports and services
3) Do a vulnerability scan to detect exploitable machines in the local network
4) Execute exploits in the local network
5) Brute force attacks against services such as ftp and ssh
6) Launch DoS attacks within the local network, or against external hosts
7) And of course, send spam and conduct click fraud

My first thought is imagine something like this embedded into an EC2 AMI and the potential damage it would cause.

Published April 21, 2009 – Reads 532
Copyright © 2009 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Reuven Cohen

Reuven Cohen is Founder & CTO for Toronto based Enomaly Inc. - leading developer of Cloud Computing products and solutions focused on enterprise businesses. Enomaly's products include the Enomaly elastic computing platform, an open source cloud platform that enables a scalable enterprise IT and local cloud infrastructure platform. Cohen is a thought leader in the emerging cloud computing industry and maintains a blog at www.elasticvapor.com.

Reuven is also founder of several technology organizations;
 Enomaly.com - Elastic Computing Platform (Cloud Computing),
Cloud Camp - Local Cloud Computing events,
the Unified Cloud Interface Project - Semantic Cloud Abstraction API
Cloud Interoperability Forum - Cloud Standards Group.

(twitter @ruv : Linkedin : RSS Feed)