truth about vm+malware ?

Lots of crypters have option "anti vm" so when guy uses a malware and crypt it with option anti vm it means even if user who download hat file and run in vm his real machine (which hosting vm) will be infected?

 

It is an ongoing race between malware trying to avoid detection and security software staying close behind. Layered approach helps

 

Anti-VM= detects VM and wont execute its payload in the VM.
Nothing to do with host being infected.

 

Then why would crypters have anti-vm option if its true what ur saying?

 

To avoid analysis/reverse engineering by looking at behavior after execution in VM.

 

Because they are trying to avoid detection among other reasons. Why do you think it is somehow untrue?

 

because i always think that anti-vm means that crypted file will always bypass vm when its opened in vm.

So its safe to test 0 day malware on vm?

 

Yes. In theory it's possible to bypass the VM by exploiting vulnerabilities, but I haven't heard/seen any incidents so far.

 

I've never seen any VM vulnerabilities in the wild but I've seen proof-of-concept exploits for bypassing VMs.

Anto-VM malware is just malware that detects the VM and (usually) shuts down or behaves differently. This is to avoid reverse-engineering by AV companies.

 

ok guys thx for answering