Honeypots mailing list archives
Re: Stealth VM
From: "Thorsten Holz" <thorsten.holz () gmail com>
Date: Mon, 10 Nov 2008 22:09:45 +0100
Hi Robert, On Mon, Nov 10, 2008 at 4:33 PM, Robert Sandilands <rsandilands () authentium com> wrote:
If you can provide a better unbiased view of current threats I would love for you to tell the world about it. Whatever the limitations of the Wildlist may be, it is the best unbiased view we have on the threats out there. It is easy to criticize something and I think the Wildlist has become a popular project to criticize, but I have yet to hear of any viable alternatives.
I did not criticize the Wildlist, I just pointed out that the malware samples that are currently on the Wildlist (lots of online gaming stealers and IRC bots) commonly do not contain VM detection mechanisms in my experience. Thus I don't believe your claim that "The majority of Wildlist samples will not work in VMWare." Cheers, Thorsten
Current thread:
- Stealth VM Stuart Gilchrist-Thomas (Oct 06)
- Re: Stealth VM Michael Bailey (Oct 06)
- Re: Stealth VM Javier Fernandez-Sanguino (Nov 06)
- RE: Stealth VM Michael Owen (Nov 06)
- Re: Stealth VM Stuart Thomas (Nov 07)
- RE: Stealth VM Michael Owen (Nov 06)
- <Possible follow-ups>
- Re: Stealth VM Earl (Nov 07)
- Re: Stealth VM Robert Sandilands (Nov 07)
- Re: Stealth VM Thorsten Holz (Nov 08)
- Re: Stealth VM Robert Sandilands (Nov 10)
- Re: Stealth VM Thorsten Holz (Nov 10)
- Re: Stealth VM Robert Sandilands (Nov 07)