For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice.