Guest virtual machine threats

Virtual machine (VM) threats vary by the guest operating system (OS) that is loaded into the VM. Each operating system has its own list of threats, with the Microsoft Windows OS at the top of the list. Given its popularity, the Windows operating system has been a prime target for years as attackers find different ways to compromise the OS itself or the popular Internet Explorer browser within Windows.

Over the past few years, Adobe and its Adobe Reader product have become a target for attackers. Since Adobe Reader is installed on the majority of Windows and Apple operating systems, compromising Adobe can potentially allow an attacker to access a very large number of computers.

Although the guest operating system is contained within each virtual machine, it interacts with the hypervisor by way of the virtual hardware that supports the VM as well as by the specific tools that allow the VM to interact with the hypervisor, through which the hypervisor provides specialized services to the VM.

There is evidence reported by Symantec that certain malware attempts to determine whether the operating system is running in a virtual machine. This detection can be done in a number of ways, including checking whether VMware tools are running. For more details, check the Symantec link in the References section.