Author Topic: Article about anti-virtualization techniques used by malware  (Read 3102 times)


October 15, 2009, 04:57:57 am
How does malware know the difference between the virtual world and the real world?

It is no secret that the Information Security industry takes advantage of virtualization software in order to research security threats. VMWare, Sandboxie, Virtual PC, Anubis, CWSandbox, JoeBox, VirtualBox, Parallels, QEMU are just a few of these virtual machines. The cornucopia of virtual environments gives the security professional the opportunity to observe and analyze malicious software in a convenient and easily reproducible manner. This presents an issue for malware writers, and because of this they often include code in their binaries to make it more difficult for computer security professionals to analyze their executables in those virtual environments. Here are some of the most frequent anti-virtualization techniques:

Ruining the bad guy's day

October 15, 2009, 07:37:17 am
Reply #1


  • Jr. Member

  • Offline
  • **

  • 15
There are only 10 kinds of people in this world, those who understand binary and those who don't

October 21, 2009, 02:35:53 pm
Reply #2


  • Jr. Member

  • Offline
  • **

  • 12
    • OnHacks
"Everyone has got the will to win, its only those with the will to prepare that do win." - Mark Cuban

honeypots, botnets, crime, etc... let's grep a drink.
On Hacking Across Boundaries -