John Leyden in The Register:
Security watchers have discovered a virus strain that compromises VMware virtual machines as well as infecting Mac OS X and Windows computers and Windows Mobile devices. It demonstrates previously unseen capabilities in the process.
The Crisis malware typically arrives in a Java archive file (.jar) and is typically installed by posing as a Flash Player Java applet to trick a victim into opening it.
The archive contains executable files targeting Apple and Microsoft operating systems; the malware is able to detect which platform it is running on and serve up the correct variant.
Once launched, the worm puts in place a rootkit to hide itself from view; installs spyware to record the user’s every move on the computer; and opens a backdoor to the IP address 176.58.100.37, allowing miscreants to gain further access to the machine, according to a write-up of the threat by Kaspersky Lab. The malicious code also, unsurprisingly, survives across reboots.
The Windows variant can kill off antivirus programs, log keypresses, download and upload files, take screengrabs, lift the contents of the user’s clipboard, record from the computer’s webcam and mic, and snoop on these applications: Firefox, Internet Explorer, Chrome, Microsoft Messenger, Skype, Google Talk and Yahoo! Messenger.
