Honeypots
Re: Stealth VM Nov 07 2008 01:38AM
Earl (esammons hush com) (1 replies)
Re: Stealth VM Nov 07 2008 02:53PM
Robert Sandilands (rsandilands authentium com) (1 replies)
Re: Stealth VM Nov 08 2008 07:49AM
Thorsten Holz (thorsten holz gmail com) (1 replies)
Re: Stealth VM Nov 10 2008 03:33PM
Robert Sandilands (rsandilands authentium com) (1 replies)
Re: Stealth VM Nov 10 2008 09:09PM
Thorsten Holz (thorsten holz gmail com)
Hi Robert,

On Mon, Nov 10, 2008 at 4:33 PM, Robert Sandilands
<rsandilands (at) authentium (dot) com [email concealed]> wrote:

> If you can provide a better unbiased view of current threats I would
> love for you to tell the world about it. Whatever the limitations of the
> Wildlist may be, it is the best unbiased view we have on the threats out
> there. It is easy to criticize something and I think the Wildlist has
> become a popular project to criticize, but I have yet to hear of any
> viable alternatives.

I did not criticize the Wildlist, I just pointed out that the malware
samples that are currently on the Wildlist (lots of online gaming
stealers and IRC bots) commonly do not contain VM detection mechanisms
in my experience. Thus I don't believe your claim that "The majority
of Wildlist samples will not work in VMWare."

Cheers,
Thorsten

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus