Security researchers often use virtual machines to sandbox malware while examining and testing it. As a countermeasure attackers try to detect such virtual environments and look for ways to break the containment to reach the host system. A paper by Symantec Advanced Threat Research discusses potential attack vectors and provides specific information for Xen, VMware, VirtualPC and others, complete with example code.
- Attacks on Virtual Machine Emulators, report from Symantec