
Malware writers use anti-malware techniques in stealth attacks

Staff

As they've shifted from mischief to larceny, malware writers have become more stealthy – seeking to infiltrate a server or PC with a rootkit that can lie doggo while collecting passwords, customer records and other data.


Two techniques currently in vogue play off the antivirus efforts of sysadmins. One is the use of virtual machines (VMs), which the good guys use as honeypots to collect and then observe the activity of bits of malware. Some viruses can now check whether they are running in a VM or on the actual operating system. Viruses that find themselves in a VM shut down, delaying detection and analysis, and giving other instances of the virus a better chance to propagate.

The other trick is to have the virus check whether it is attached to a debugger by measuring how long its own code takes to run. Too much of a delay indicates that a debugger is in action, and the virus shuts down.
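As an added example (not part of the original story), here is a static triage heuristic a defender could run over a sample to flag both checks described above: back-to-back timer reads and hypervisor artifact strings. The RDTSC opcode, the API names and the string list are assumed indicators chosen for illustration, and the sample bytes are constructed.

```python
import re

# Assumed indicators (not from the article), used for illustration only.
RDTSC = b"\x0f\x31"  # x86 "read time-stamp counter" opcode
TIMING_APIS = (b"GetTickCount", b"QueryPerformanceCounter")
VM_STRINGS = (b"vmware", b"vbox", b"virtualbox", b"qemu")

def rdtsc_pairs(code: bytes, window: int = 64):
    """Offsets of two timer reads closer than `window` bytes apart.

    One read alone is normal; two reads bracketing a short stretch of
    code is the shape of a "how long did I take?" check. The two bytes
    can also occur in data, so a hit means "look closer", not "malicious".
    """
    offs = [m.start() for m in re.finditer(re.escape(RDTSC), code)]
    return [(a, b) for a, b in zip(offs, offs[1:]) if b - a <= window]

def triage(sample: bytes) -> dict:
    """Collect anti-analysis indicators found in a raw sample."""
    lowered = sample.lower()
    return {
        "timing_pairs": rdtsc_pairs(sample),
        "timing_apis": [s.decode() for s in TIMING_APIS if s in sample],
        "vm_strings": [s.decode() for s in VM_STRINGS if s in lowered],
    }

def flags(report: dict) -> list:
    """Names of the indicator categories that fired, for analyst routing."""
    return sorted(name for name, hits in report.items() if hits)

# Constructed sample: two timer reads 14 bytes apart plus artifact strings.
SUSPECT = (b"\x90" * 4 + RDTSC + b"\x89\xc3" + b"\x90" * 10 + RDTSC
           + b"\x29\xd8" + b"\x00VMware\x00GetTickCount\x00")
# Constructed sample: two timer reads far apart, no artifact strings.
BENIGN = b"\x55\x89\xe5" + RDTSC + b"\x90" * 200 + RDTSC + b"\xc3"

if __name__ == "__main__":
    for name, blob in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, flags(triage(blob)))
```

A sample that trips these flags is a candidate for analysis on bare metal or with timing-transparent instrumentation, since it may behave differently under a VM or debugger.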

Security managers are also on the lookout for a more insidious technique – using a virus that has infected a VM to escape and infect the actual operating system – though that technique is still theoretical.

Read the original version of this story at TechTarget's SearchSecurity.com.

