Zombie Army archives - Overheard in the tech blogosphere


Apr 29 2009   3:55PM GMT

VM escape - using the hypervisor as an attack vector



Posted by: Margaret Rouse
Virtualization, Security, hypervisor, botnet, zombie army, DMZ
Granted, no virtual machine escape hacks exist today, but if the IT security experts are right and this type of attack is eventually developed, then virtualized servers in the DMZ are basically sitting ducks.

Brien M. Posey, Virtual servers no escape from IT security management concerns

Today’s WhatIs.com Word of the Day is virtual machine escape.  In theory, an attacker could get access to the hypervisor (if it was mis-configured or had some other vulnerability) and use it to control all the other virtual machines on the host.

Bob Plankers explains more in What is VM Escape?:

Since the hypervisor controls the execution of all of the virtual machines, an attacker that can gain access to the hypervisor can then gain control over every other virtual machine running on the host. Because the hypervisor is between the physical hardware and the guest operating system, an attacker will then be able to circumvent security controls in place on the virtual machine.

Can you imagine the power of a zombie army that included an almost infinite number of virtual machines? An army that, once established, had the power to create new soldiers (VMs) with one click? Holy moly. Big money there.

Oct 30 2008   6:44PM GMT

Overheard: Killing zombies in the LAN of the Dead



Posted by: Margaret Rouse
botnets, zombie army
Before a zombie hunter can kill some zombies he has to find them. In the movies the hero can listen for low sorrowful moans or slow shuffling feet to track them down, or just look for the carnage of half eaten people. On your network you can look for similar signs of the undead so you can blast them to oblivion.

Adrian Duane Crenshaw, LAN of the Dead: Putting computer zombies back in their grave, Ash style

Unlike a lot of bloggers who write about zombie armies, Adrian doesn’t just scare you — he actually tells you how to hunt down zombies on your network and kill them. Recommended reading.

Today’s word is zombie army


Oct 30 2008   3:37PM GMT

Overheard: Botnets and online poker



Posted by: Margaret Rouse
phishing, botnets, zombie army
There are myriad ways hackers can cash out once they have obtained stolen bank accounts or credit card details…One way is to find a partner and create two accounts on an online poker site, loading up one of the accounts with cash from a stolen card. The pair then enter a heads-up game and the cashed-up player purposely loses, making the other account rich. They then cash out and split the profits.

Asher Moses, Inside the hackers’ den

Hunched over a computer terminal in his pyjamas, “Frank” makes more money than a small-time drug dealer without ever having to worry about being caught or even leaving the house.