|Updated: 11/27/2006; 12:17:10 AM.
Virtual and distributed computing technology and applications
Tuesday, November 21, 2006
Hackers Use Virtual Machine Detection To Foil Researchers:
Funny benefit for users of virtual machines -- if you run a vm, increasing amounts of malware will refuse to run. "Hackers are adding virtual machine detection to their worms and Trojans to stymie analysis by anti-virus labs, a security research said Sunday. The tactic is designed to thwart researchers who use virtualization software, notably that made by VMware, to quickly and safely test the impact of malicious code. .. "Three out of 12 malware specimens recently captured in our honeypot refused to run in VMware," said Lenny Zeltser, an analyst at SANS Institute's Internet Storm Center (ISC) in an online note Sunday.
Malware writers use a variety of techniques to detect virtualization, including sniffing out the presence of VMware-specific processes and hardware characteristics, said Zeltser. "More reliable techniques rely on assembly-level code that behaves differently on a virtual machine than on a physical host," he added. " 4:55:43 PM
Copyright 2006 © Ken Novak.
Last update: 11/27/2006; 12:17:10 AM.