Full Disclosure mailing list archives

Re: Determining VMWare environment (was: Unpacking Sasser)


From: "Lee" <cheekypeople () sec33 com>
Date: Mon, 3 May 2004 10:30:53 +0100

That shows only for the workstation version; ESX Server is a very different
product and setup.  Thanks for the heads-up, I will test the files on an ESX
server.

Would the backdoor be found by the package though, would it be looking for
that?

Regards


Lee @ STS
http://www.seethrusec.co.uk
Building Knowledge and Security..
----- Original Message ----- 
From: "Spiro Trikaliotis" <trik-news () gmx de>
To: <full-disclosure () lists netsys com>
Sent: Monday, May 03, 2004 9:52 AM
Subject: [Full-disclosure] Determining VMWare environment (was: Unpacking
Sasser)


Hello,

* On Mon, May 03, 2004 at 08:56:51AM +0100 Lee wrote:

> I am intrigued by your points of malware understanding the environment
>
> "VM environment can be sensed by the code being tested and choose to
> act entirely differently from how it would otherwise."
>
> I have never seen this before, have you any pointers for me?  I use
> ESX server a lot and malware being able to detect my environment is
> something I haven't seen before. Would kind of go against the very
> nature of ESX server, like said, very interested in this as it would
> help to safeguard our testing environments.

There should be some ways to accomplish that. The VMWare "backdoor" port
might be one (!) good starting point:

http://chitchat.at.infoseek.co.jp/vmware/backdoor.html#top

Best regards,
   Spiro.

-- 
I'm subscribed to the mailing lists I'm posting,
so please refrain from Cc:ing me. Thank you.
:r .signature
:wq

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
