Security company McAfee has predicted that virtualization will be an area of security concern in 2008.
McAfee told ZDNet UK that companies need to understand the risks, as well as the benefits, before implementing virtualization technologies. The company has an interest in predicting virtualization as an attack vector, as it sells a virtualization security product.
"Virtualization will radically change a lot of things," said David Marcus, security research manager for McAfee Avert Labs. "The ability to run inside a virtual layer gives you a God-like view of the shell and allows for certain detections, but it also allows for new attack vectors."
Marcus said that virtual layers can each be attacked, but that his real fear was seeing malware that could escape onto an operating system.
"A lot of malware has the ability to run in a virtual machine, work out it's in a virtual session, then completely shut down," said Marcus. "It's not a large jump to go from malware realizing it's in a session to it jumping out."
Marcus also warned that VoIP, or Internet telephony, would also be a target in 2008.
"We think we'll end up seeing theft-of-service attacks, like old-style phreaking," said Marcus. "People will steal calls, divert calls and impersonate others."
McAfee also has a VoIP protection product.