Virtual Machine Detection in Malware via Commercial Tools

More About Sophisticated Malware

http://isc.sans.org/diary.php?storyid=1871

Virtual machine detection is a self-defensive property of many malware specimens. It is aimed at making it harder to examine the malicious program, because virtualization software, such as VMware, is a very popular tool among malware analysts. For instance, 3 our of 12 malware specimens recently captured in our honeypot refused to run in VMware.

It is getting harder to detect malware after it has found some entry point into a system, and malware is getting better at sneaking onto systems through normal channels, and not waiting for published vulnerabilities.

Leave a Reply

Your email address will not be published. Required fields are marked *