Virtual Machine Detection in Malware via Commercial Tools

Virtual machine detection is a self-defensive property of many malware specimens. It aims to make the malicious program harder to examine, because virtualization software, such as VMware, is a very popular tool among malware analysts. For instance, 3 out of 12 malware specimens recently captured in our honeypot refused to run in VMware.

It is getting harder to detect malware once it has found an entry point into a system, and malware is getting better at sneaking onto systems through normal channels rather than waiting for published vulnerabilities.

