Honeypots: Re: Stealth VM

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Honeypots mailing list archives

Re: Stealth VM

From: "Thorsten Holz" <thorsten.holz () gmail com>
Date: Sat, 8 Nov 2008 08:49:56 +0100

On Fri, Nov 7, 2008 at 3:53 PM, Robert Sandilands
<rsandilands () authentium com> wrote:

The majority of Wildlist samples will not work in VMWare.


Robert, do you have some concrete numbers for that claim? In our test,
we observed that less than 10% of the samples did not run within
VMware (tested about half a year ago). This test was based on the
samples we receive at cwsandbox.org, so it may be a bit biased. But if
I take a look at the Wildlist (where I doubt that it provides a
realistic overview of current threats), I see lots of online gaming
stealers, IRC bots, and similar malware that commonly does not include
checks for VMware. Thus some more evidence for your claim would be
nice.

Cheers,
  Thorsten

By Date By Thread

Current thread:

Re: Stealth VM, (continued)
- Re: Stealth VM Javier Fernandez-Sanguino (Nov 06)
  - RE: Stealth VM Michael Owen (Nov 06)
    - Re: Stealth VM Stuart Thomas (Nov 07)
- Re: Stealth VM Earl (Nov 07)
  - Re: Stealth VM Robert Sandilands (Nov 07)
    - Re: Stealth VM Thorsten Holz (Nov 08)
    - Re: Stealth VM Robert Sandilands (Nov 10)
    - Re: Stealth VM Thorsten Holz (Nov 10)