Skip to main content

Malware can now detect virtual machines, and then go dark like a Cold War spy

posted onSeptember 29, 2016
by l33tdawg

One of the more effective ways to counter a malware infection is to make sure that it infects something that can’t have much of an influence on the rest of the system, like a sandboxed virtual machine. However as malware continues to evolve, its creators are now discovering ways to detect whether it is simply wasting its time infecting virtual machines, so it can go after more legitimate targets.

Discovered by Caleb Fenton with security firm SentinelOne (via ThreatPost), this new form of malware is able to sniff out that it currently resides on a virtual machine. Purportedly it does this by analyzing the number of documents on the machine. Low numbers would suggest some form of testing environment, which could tip it off that it’s sandboxed.

After making such a discovery, the malware becomes dormant, deliberately hiding itself as best as possible to avoid any detection techniques by potential security staff or automated tools. Although that particular piece of malware may become redundant to the creator at that point, avoiding detection is incredibly important in such a situation.

Source

Tags

Malware

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th