Cloud Computing Related News, Media and Press Releases

The Cloud Computing Newswire

Subscribe to The Cloud Computing Newswire: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get The Cloud Computing Newswire: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Cloud Newswire Authors: Kevin Jackson, Simon Hill, Simon Hill, Amit Kumar, Breaking News

Related Topics: Cloud Interoperability, Ubuntu Linux Journal, Open Source Journal, Objective-C Developer, Cloud Computing Newswire

Cloud Newswire: Blog Feed Post

Introducing The Virtual Machine Trojan

Sergio Castro has released a functional, open source Virtual Machine Trojan called ViMTruder. I've held off a few days before posting this news. I wasn't sure if helping spread the news would do more harm then good but, several other blogs have picked up the story, so why not.

So what is a Virtual Machine Trojan? According to Castro virtual machine trojans are seemingly benign virtual machine you download from the Internet contains a trojan. The objective of the trojan is to remotely take control of the machine for nefarious purposes: steal information, send spam, conduct click fraud, stage denial of service attacks within a botnet, etc.

ViMtruder is written in Python and consists of a client which is installed within a virtual machine, and a control server, which sits in a host on the Internet. The virtual machine, running Linux, is configured to automatically run the VMT client in the background upon boot up. The VMT tries periodically to contact the control server through the Internet using port 80 outbound. Once the control server links with the VMT, you can send it Nmap commands to scan the target LAN where the VMT is connected.

The types of attacks a VMT can execute are different than a normal trojan. The VMT does not have access to the host machine; rather, it has access to the local network. Therefore, a VMT can be programmed to do the following:

1) Sniff traffic in the local network
2) Actively scan the local network to detect machines, ports and services
3) Do a vulnerability scan to detect exploitable machines in the local network
4) Execute exploits in the local network
5) Brute force attacks against services such as ftp and ssh
6) Launch DoS attacks within the local network, or against external hosts
7) And of course, send spam and conduct click fraud

My first thought is imagine something like this embedded into an EC2 AMI and the potential damage it would cause.

Read the original blog entry...

More Stories By Reuven Cohen

An instigator, part time provocateur, bootstrapper, amateur cloud lexicographer, and purveyor of random thoughts, 140 characters at a time.

Reuven is an early innovator in the cloud computing space as the founder of Enomaly in 2004 (Acquired by Virtustream in February 2012). Enomaly was among the first to develop a self service infrastructure as a service (IaaS) platform (ECP) circa 2005. As well as SpotCloud (2011) the first commodity style cloud computing Spot Market.

Reuven is also the co-creator of CloudCamp (100+ Cities around the Globe) CloudCamp is an unconference where early adopters of Cloud Computing technologies exchange ideas and is the largest of the ‘barcamp’ style of events.