Re: Stealth VM Nov 07 2008 01:38AM
Earl (esammons hush com) (1 replies)
Re: Stealth VM Nov 07 2008 02:53PM
Robert Sandilands (rsandilands authentium com) (1 replies)
The majority of Wildlist samples will not work in VMWare.

Although I agree with your sentiments that VMWare is becoming very
common in the enterprise, that is in general not the target for the
majority of malware out there: Home users are still the easiest target.


Earl wrote:
> Had a conversation about this at lunch today where I informed
> someone that the joke about "Security by the obscurity of running
> in a VM" days are likely either already over or about to be over.
> Anyone have any stats or even an educated guess about whether or
> not bad guys still care if they are in a virtualized env before
> they take a box?
> Earl
> On Thu, 06 Nov 2008 07:19:07 -0500 Javier Fernandez-Sanguino
> <jfernandez (at) germinus (dot) com [email concealed]> wrote:
>> Stuart Gilchrist-Thomas dijo:
>>> Hi,
>>> Does anyone have any pointers to evidence or advice on hiding or
>>> reducing the detection of VM honey pots. I know of temporal
>> issues
>>> e.g. Timing metrics can give away a VM, and that you can
>> manually
>>> alter peripheral identities e.g. virtual network cards etc. I've
>> also
>>> created a company to purchase ip and hosting space to ensure a
>> form
>>> of identity in depth. But I still lack experience in preventing
>>> detection. Can you help? Are you my only hope? ;)
>> Why hide the fact that the honeypot is running on VM? After all,
>> many
>> environments in production (@datacenters) are running over VM.
>> Those
>> intruders that think that VM == honeypot will change their mindset
>> soon.
>> Regards
>> Javier

Robert Sandilands: Director, AV
Disclaimer: http://robert.rsa3.com/disclaimer.html
Authentium: Home of Command Software

[ reply ]
Re: Stealth VM Nov 08 2008 07:49AM
Thorsten Holz (thorsten holz gmail com) (1 replies)
Re: Stealth VM Nov 10 2008 03:33PM
Robert Sandilands (rsandilands authentium com) (1 replies)
Re: Stealth VM Nov 10 2008 09:09PM
Thorsten Holz (thorsten holz gmail com)


Privacy Statement
Copyright 2010, SecurityFocus