|
Incidents
Possible Mail server compromise ? Feb 04 2008 06:28PM Faas M. Mathiasen (faas m mathiasen googlemail com) (3 replies) Re: Possible Mail server compromise ? Feb 12 2008 11:41PM Faas M. Mathiasen (faas m mathiasen googlemail com) (3 replies) Re: Possible Mail server compromise ? Feb 18 2008 07:19PM Faas M. Mathiasen (faas m mathiasen googlemail com) (2 replies) Re: Possible Mail server compromise ? Feb 20 2008 02:43AM Eduardo Tongson (propolice gmail com) (1 replies) Re: Possible Mail server compromise ? Feb 20 2008 07:33PM Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies) Re: Possible Mail server compromise ? Feb 19 2008 05:35PM Bob Toxen (vger verysecurelinux com) (2 replies) Re: Possible Mail server compromise ? Feb 20 2008 02:14AM Jon Oberheide (jon oberheide org) (1 replies) Re: Possible Mail server compromise ? Feb 19 2008 06:46PM Faas M. Mathiasen (faas m mathiasen googlemail com) (3 replies) Re: Possible Mail server compromise ? Feb 20 2008 02:48PM Eygene Ryabinkin (rea-sec codelabs ru) (2 replies) Re: Possible Mail server compromise ? Feb 20 2008 10:59PM Valdis Kletnieks vt edu (1 replies) Re: Possible Mail server compromise ? Feb 21 2008 10:31AM Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies) Re: Possible Mail server compromise ? Feb 20 2008 07:10PM Faas M. Mathiasen (faas m mathiasen googlemail com) Re: Possible Mail server compromise ? Feb 20 2008 07:05AM Bob Toxen (vger VerySecureLinux com) (1 replies) Re: Possible Mail server compromise ? Feb 20 2008 07:25PM Faas M. Mathiasen (faas m mathiasen googlemail com) Re: Possible Mail server compromise ? Feb 04 2008 07:05PM Jon R. Kibler (Jon Kibler aset com) (1 replies) Re: Possible Mail server compromise ? Feb 04 2008 09:39PM Tony Maupin (tony themaupins com) (1 replies) Re: Possible Mail server compromise ? Feb 04 2008 09:57PM Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies) |
|
|
Privacy Statement |
> On Tue, 19 Feb 2008 21:14:46 EST, Jon Oberheide said:
> > I'm not sure how n.runs implements their system, but our system uses Xen
> > VMs for the detection engines. When it is determined that a piece of
> > malware has exploited the AV software (through non-whitelisted process
> > spawning, any network activity, or other unexpected system behavior),
> That is, of course, assuming you don't get blue-pilled before you realize that
> it's been exploited. Running in a VM helps a *lot*, but it does *not*
> guarantee that nothing will get loose (and notice that a clever malware can
> simply redpill detect that it's running in a VM, and do nothing malicious until
> it detects that it's on a real machine - malware has a *long* tradition of
> detecting and evading if it's running under a debugger...
Nope, you have to distinguish between a sandbox (code is run) to an AV
scanner scanning code in a VM,
when the av scanner scans the code, the code is not executed and
cannot decide whether it is inside
a VM =)
[ reply ]