[Full-Disclosure] Determinig VMWare environment (was: Unpacking Sasser)
Spiro Trikaliotis
trik-news at gmx.de
Mon May 3 09:52:31 BST 2004
Hello,
* On Mon, May 03, 2004 at 08:56:51AM +0100 Lee wrote:
> I am intrigued by your points of malware understanding the environment
>
> > "VM environment can be sensed by the code being tested and choose to
> > act entirely differently from how it would otherwise."
>
> I have never seen this before, have you any pointers for me? I use
> ESX server alot and malware been able to detect my environment is
> something I havent seen before. Would kind of go against the very
> nature of ESX server, like said, very interested on this as it would
> help to safe guard our testing environments.
there should be some ways to accomplish that. The VMWare "backdoor" port
might be one (!) good starting point:
http://chitchat.at.infoseek.co.jp/vmware/backdoor.html#top
Best regards,
Spiro.
--
I'm subscribed to the mailing lists I'm posting,
so please refrain from Cc:ing me. Thank you.
:r .signature
:wq
Full-Disclosure is hosted and sponsored by Secunia.