Yes, VMs can play Crisis
Enhanced security is one of the big benefits of running a virtualized PC—if the crud hits the rotating blades, you can simply wipe the disc image and start anew. But a piece of malware called Crisis turns that notion on its head.
Symantec reports that once Crisis settles in on your computer—you first have to download a malicious JAR file—it looks for VMware virtual machine images stored on the hard drive. If it finds one, it embeds itself in the virtual machine using the VMware Player tool. This isn't actually a VMware vulnerability, but rather an unfortunate side effect of the nature of virtual machines—they're basically lines of code stored on your physical machine.