Honeypots mailing list archives
Re: Stealth VM
From: "Thorsten Holz" <thorsten.holz () gmail com>
Date: Sat, 8 Nov 2008 08:49:56 +0100
On Fri, Nov 7, 2008 at 3:53 PM, Robert Sandilands <rsandilands () authentium com> wrote:
> The majority of Wildlist samples will not work in VMware.

Robert, do you have some concrete numbers for that claim? In our test, we observed that less than 10% of the samples did not run within VMware (tested about half a year ago). This test was based on the samples we receive at cwsandbox.org, so it may be a bit biased. But if I take a look at the Wildlist (where I doubt that it provides a realistic overview of current threats), I see lots of online gaming stealers, IRC bots, and similar malware that commonly does not include checks for VMware. Thus some more evidence for your claim would be nice.

Cheers,
Thorsten