New Evasion Encyclopedia Shows How Malware Detects Virtual Machines
<blockquote data-quote="silversurfer" data-source="post: 863092" data-attributes="member: 26718">
<p>A new Malware Evasion Encyclopedia has been launched that offers insight into the various methods malware uses to detect if it is running under a virtual environment.</p>
<p>To evade detection and analysis by security researchers, malware may check if it is running under a virtualized environment such as a virtual machine in VirtualBox and VMware.</p>
<p>If these checks indicate that it is being run in a VM, the malware will simply not run, and in some cases, delete itself to prevent analysis.</p>
<p><span style="font-size: 15px"><u>The Malware Evasion Encyclopedia</u></span></p>
<p>Created by Check Point Research, the <a href="https://evasions.checkpoint.com/" target="_blank">Malware Evasion Encyclopedia</a> is broken into different categories of information that malware will use to detect if it is running under a virtual machine.</p>
<p>While sharing this information may allow malware authors to learn some new techniques, Check Point feels that the value to the information security community far outweighs any benefit to malware developers.</p>
<p>"It is our belief the value of sharing with the community is far greater than the risk of malware authors using this," Check Point Research told BleepingComputer.</p>
<p>The current sections in the encyclopedia with listed techniques are:</p>
<p>Inside each section are code snippets that illustrate how malware determines if it is running under a virtual environment and suggested countermeasures to defeat these checks.</p>
<p>For example, the 'Processes' section shows how <a href="https://evasions.checkpoint.com/techniques/processes.html#check-specific-running-processes-and-loaded-libraries" target="_blank">malware checks for certain processes</a> used by VMs, the 'Firmware Tables' section explains how malware looks for <a href="https://evasions.checkpoint.com/techniques/firmware-tables.html#check-specific-strings-in-raw-firmware-table" target="_blank">certain strings in the BIOS</a>, and the 'Generic OS queries' section <a href="http://evasions.checkpoint.com/techniques/generic-os-queries.html#check-if-username-is-specific" target="_blank">lists user names</a> that are commonly looked for. [....]</p>
<p><a href="https://www.bleepingcomputer.com/news/security/new-evasion-encyclopedia-shows-how-malware-detects-virtual-machines/" target="_blank">https://www.bleepingcomputer.com/news/security/new-evasion-encyclopedia-shows-how-malware-detects-virtual-machines/</a></p>
</blockquote>
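An added example, not code from the article or from Check Point's encyclopedia: a small Python self-audit an analyst can run inside a lab VM to see which of the three artifact classes named in the post (guest-tools processes, firmware table strings, tell-tale usernames) the VM exposes, paired with the countermeasure to apply before detonating a sample. The indicator lists and the Linux collector are constructed for illustration and are assumptions, not the encyclopedia's own lists.

```python
"""Lab-VM self-audit for the artifact classes named in the BleepingComputer post.
Indicator lists below are constructed for this example (assumed, not authoritative)."""
import getpass
import os
from dataclasses import dataclass

VM_PROCESS_MARKERS = ("vboxservice", "vboxtray", "vmtoolsd", "vmwaretray", "vmwareuser")
VM_FIRMWARE_MARKERS = ("virtualbox", "vmware", "innotek", "qemu", "bochs")
SUSPICIOUS_USERNAMES = ("sandbox", "malware", "virus", "test", "analyst", "maltest")


@dataclass
class Finding:
    category: str       # section name as used by the encyclopedia
    artifact: str       # the exposed value found on this VM
    countermeasure: str # what the analyst should change


def audit(process_names, firmware_strings, username):
    """Return one Finding per exposed artifact; an empty list means nothing obvious leaks."""
    findings = []
    for proc in process_names:
        if any(m in proc.lower() for m in VM_PROCESS_MARKERS):
            findings.append(Finding("Processes", proc,
                            "rename or stop the guest-tools process before detonation"))
    for s in firmware_strings:
        if any(m in s.lower() for m in VM_FIRMWARE_MARKERS):
            findings.append(Finding("Firmware Tables", s,
                            "override the SMBIOS/DMI strings in the hypervisor configuration"))
    if username.lower() in SUSPICIOUS_USERNAMES:
        findings.append(Finding("Generic OS queries", username,
                        "use an unremarkable account name on the analysis VM"))
    return findings


def collect_linux():
    """Best-effort live inputs on a Linux guest: process names from /proc, DMI strings from sysfs."""
    procs, fw = [], []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as f:
                procs.append(f.read().strip())
        except OSError:
            continue
    for name in ("sys_vendor", "product_name", "bios_vendor", "board_vendor"):
        try:
            with open(f"/sys/class/dmi/id/{name}") as f:
                fw.append(f.read().strip())
        except OSError:
            continue
    return procs, fw, getpass.getuser()


if __name__ == "__main__":
    for hit in audit(*collect_linux()):
        print(f"[{hit.category}] {hit.artifact}: {hit.countermeasure}")
```

On a Windows guest the same `audit` function can be fed process names from `tasklist` and firmware strings from `wmic bios get manufacturer`, since the matching logic does not depend on the collector.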