RE: (pacsec bonus) Re: VMWare Detection?
- To: [EMAIL PROTECTED]
- Subject: RE: (pacsec bonus) Re: VMWare Detection?
- From: Hrvoje Spoljar <[EMAIL PROTECTED]>
- Date: Fri, 19 Nov 2004 19:04:04 +0100
- In-reply-to: <[EMAIL PROTECTED]>
- References: <[EMAIL PROTECTED]>
- Reply-to: [EMAIL PROTECTED]
On Fri, 2004-11-19 at 18:25, M. Shirk wrote:
> It would be upsetting if the next ScanOfTheMonth had a binary with this
> capability. No one could get the malware to execute because it would
> shutdown after detecting the VMWare environment. :-)
That is very likely to happen :)... last finished IIRC sotm32, RaDa.exe
had different behaviour on VMWare (did nothing) whereas on the real
machine it was a trojan bot :))
I think that Lance has made a good point with noticing possible benefits
of running production in VMWare... but on the other hand, it's not only
VMWare that could affect blackhats from turning away from VMWare...
because if they notice any other real or framed activity, I think that
the fact that it runs on VMWare will not turn them away from the pot.
just my 2c
--
________ ___ __ ___
/ __) . \ \ | | __) Hrvoje Špoljar ICQ: 53000945
|__ | |__/ | |_| __) http://spole.pbf.hr/ irc.oftc.net#RoCkY
(____'__| \___/___|___) [EMAIL PROTECTED] mobile:00385989291593