Truth about VM + malware?

Discussion in 'sandboxing & virtualization' started by aaaaaa21, Mar 9, 2012.

Thread Status:
Not open for further replies.
  1. aaaaaa21 (Registered Member; joined Mar 9, 2012; posts: 4; location: Croatia)
    Lots of crypters have an "anti-VM" option, so when a guy uses malware and crypts it with the anti-VM option, does that mean that even if a user who downloads that file runs it in a VM, his real machine (which is hosting the VM) will be infected?
     
  2. Cudni (Global Moderator; joined May 24, 2009; posts: 6,956; location: Somethingshire)
    It is an ongoing race between malware trying to avoid detection and security software staying close behind. A layered approach helps.
     
  3. 3x0gR13N (Registered Member; joined May 1, 2008; posts: 754)
    Anti-VM = detects the VM and won't execute its payload in the VM.
    Nothing to do with the host being infected.
     
  4. aaaaaa21 (Registered Member; joined Mar 9, 2012; posts: 4; location: Croatia)
    Then why would crypters have an anti-VM option if what you're saying is true?
     
  5. 3x0gR13N (Registered Member; joined May 1, 2008; posts: 754)
    To avoid analysis/reverse engineering by looking at behavior after execution in a VM.
     
  6. Cudni (Global Moderator; joined May 24, 2009; posts: 6,956; location: Somethingshire)
    Because they are trying to avoid detection, among other reasons. Why do you think it is somehow untrue?
     
  7. aaaaaa21 (Registered Member; joined Mar 9, 2012; posts: 4; location: Croatia)
    Because I always thought that anti-VM means the crypted file will always bypass the VM when it's opened in a VM.

    So is it safe to test 0-day malware in a VM?
     
  8. 3x0gR13N (Registered Member; joined May 1, 2008; posts: 754)
    Yes. In theory it's possible to bypass the VM by exploiting vulnerabilities, but I haven't heard of or seen any incidents so far.
     
  9. Hungry Man (Registered Member; joined May 11, 2011; posts: 9,148)
    I've never seen any VM vulnerabilities in the wild but I've seen proof-of-concept exploits for bypassing VMs.

    Anti-VM malware is just malware that detects the VM and (usually) shuts down or behaves differently. This is to avoid reverse-engineering by AV companies.
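An added triage check (example code, not from anyone in this thread) illustrating the point made in posts 3 and 9: a sample that detects a VM may stay dormant or behave differently inside it, so an analyst should flag anti-VM indicators before trusting a "nothing happened" sandbox result. The artifact-string list, the cpuid heuristic and the sample blobs below are constructed for this example.

```python
"""Triage helper: flag VM-awareness indicators in a sample before detonation.

Constructed example. If a sample carries VM-detection logic, a quiet run in a
VM says nothing about what it does on bare metal, so the verdict here is a
reason to re-run on a hardened or bare-metal sandbox, not a clean bill of health.
"""
import re

# Strings that VM-detection routines commonly look for (product names,
# guest-tools process names, hypervisor CPUID vendor tags). Hypothetical,
# non-exhaustive list assembled for this example.
VM_ARTIFACT_STRINGS = [
    b"VMware", b"vmtoolsd", b"VBoxService", b"VBoxTray", b"VirtualBox",
    b"QEMU", b"Xen", b"KVMKVMKVM", b"Microsoft Hv", b"prl_tools",
]
# x86 `cpuid` instruction (opcode 0F A2). A hypervisor-presence check typically
# executes it and inspects the result, so its presence strengthens the signal.
CPUID_OPCODE = re.compile(rb"\x0f\xa2")


def scan_sample(data: bytes) -> dict:
    """Return the anti-VM indicators found in `data` plus a triage verdict."""
    found = sorted({s.decode() for s in VM_ARTIFACT_STRINGS if s in data})
    cpuid_hits = len(CPUID_OPCODE.findall(data))
    # Heuristic: artifact strings alone are weak (a legitimate tool may name
    # its vendor); strings together with cpuid usage is a stronger signal.
    if found and cpuid_hits:
        verdict = "likely VM-aware"
    elif found or cpuid_hits:
        verdict = "possibly VM-aware"
    else:
        verdict = "no anti-VM indicators"
    return {"strings": found, "cpuid_count": cpuid_hits, "verdict": verdict}


# Constructed blobs: one with a cpuid opcode and two artifact strings, one
# without any indicator. Neither is a real sample.
SAMPLE = (b"\x90" * 16 + b"\x0f\xa2" + b"\x90" * 8
          + b"SOFTWARE\\VMware, Inc.\\VMware Tools\x00VBoxService.exe\x00")
BENIGN = b"\x90" * 32 + b"Hello, world\x00"

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, scan_sample(blob))
```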
     
  10. aaaaaa21 (Registered Member; joined Mar 9, 2012; posts: 4; location: Croatia)
    OK guys, thanks for answering :)
     