Honeypots
Re: Stealth VM Nov 07 2008 01:38AM
Earl (esammons hush com) (1 replies)
Re: Stealth VM Nov 07 2008 02:53PM
Robert Sandilands (rsandilands authentium com) (1 replies)
Re: Stealth VM Nov 08 2008 07:49AM
Thorsten Holz (thorsten holz gmail com) (1 replies)
On Fri, Nov 7, 2008 at 3:53 PM, Robert Sandilands
<rsandilands (at) authentium (dot) com [email concealed]> wrote:
> The majority of Wildlist samples will not work in VMWare.

Robert, do you have some concrete numbers for that claim? In our test,
we observed that less than 10% of the samples did not run within
VMware (tested about half a year ago). This test was based on the
samples we receive at cwsandbox.org, so it may be a bit biased. But if
I take a look at the Wildlist (where I doubt that it provides a
realistic overview of current threats), I see lots of online gaming
stealers, IRC bots, and similar malware that commonly does not include
checks for VMware. Thus some more evidence for your claim would be
nice.

Cheers,
Thorsten

[ reply ]
Re: Stealth VM Nov 10 2008 03:33PM
Robert Sandilands (rsandilands authentium com) (1 replies)
Re: Stealth VM Nov 10 2008 09:09PM
Thorsten Holz (thorsten holz gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus