Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


RE: (pacsec bonus) Re: VMWare Detection?
.

  • To: [EMAIL PROTECTED]
  • Subject: RE: (pacsec bonus) Re: VMWare Detection?
  • From: "M. Shirk" <[EMAIL PROTECTED]>
  • Date: Fri, 19 Nov 2004 12:25:53 -0500
.
 
It would be upsetting if the next ScanOfTheMonth had a binary with this capability. No one could get the malware to execute because it would shutdown after detecting the VMWare environment. :-) 

Shirkdog
http://www.shirkdog.us

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 9:20 AM
To: [EMAIL PROTECTED]
Subject: RE: (pacsec bonus) Re: VMWare Detection?
Importance: Low


A little off the honeypot topic, but wouldn't the bigger problem with
VMWare detection be to those of us doing Malware analysis?  I almost
exclusively use a laptop system with multiple VMWare Guests running to
analyze a suspect piece of Malware.  I have found some workarounds to VMWare
detections (i.e the code looks for VMWare tools, so delete it...it looks for
Mac Addresses, so change them), but I don't know how to address the
detection given in this thread.

Is my nice, compact, portable (not to mention powerhouse) analysis
laptop/lab about to be replaced by desks full of actual computers to do
analysis? Ugh!

Chris
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.