Security expert: Beware virtualisation in 2008

Security company McAfee has predicted that virtualisation will be an area of security concern in 2008.

McAfee told ZDNet.co.uk that companies need to understand the risks, as well as the benefits, before implementing virtualisation technologies. The company has an interest in predicting virtualisation as an attack vector, as it sells a virtualisation security product.

"Virtualisation will radically change a lot of things," said David Marcus, security research manager for McAfee Avert Labs. "The ability to run inside a virtual layer gives you a God-like view of the shell and allows for certain detections, but it also allows for new attack vectors."

Marcus said that virtual layers can each be attacked, but that his real fear was seeing malware that could escape onto an operating system.

"A lot of malware has the ability to run in a virtual machine, work out it's in a virtual session, then completely shut down," said Marcus. "It's not a large jump to go from malware realising it's in a session to it jumping out."

Marcus also warned that VoIP, or internet telephony, would also be a target in 2008.

"We think we'll end up seeing theft-of-service attacks, like old-style phreaking," said Marcus. "People will steal calls, divert calls and impersonate others."

McAfee also has a VoIP protection product.