Malware writers use anti-malware techniques in stealth attacks

Some viruses show up already looking out for traps in virtual machines and debuggers.

As they've shifted from mischief to larceny, malware writers have become more stealthy – seeking to infiltrate a server or PC with a rootkit that can lay doggo while collecting passwords, customer records and other data.

Two techniques currently in vogue play off the antivirus efforts of sysadmins. One targets virtual machines (VMs), which the good guys use as honeypots to collect bits of malware and then observe their activity. Some viruses can now check whether they are running in a VM or on the actual operating system. Viruses that find themselves in a VM shut down, delaying detection and analysis and giving other instances of the virus a better chance to propagate.

The other trick is to have the virus check whether it is attached to a debugger by measuring how long its code takes to run. Too much of a delay indicates a debugger is in action, and the virus shuts down.
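
For analysts, both tricks leave the same footprint in a sandbox run: an environment or timing check followed by a quick exit with no other activity. The sketch below is an added example, not code from the original article; it flags that pattern so the sample is queued for re-analysis instead of being scored as harmless. The `Event` layout and the event kinds (`timer`, `vm_probe`, `file`, `net`, `exit`) are a hypothetical trace format, and the traces are constructed.

```python
from dataclasses import dataclass

# Hypothetical trace format: one Event per action a sandbox recorded for a sample.
@dataclass(frozen=True)
class Event:
    t_ms: int         # milliseconds since process start
    kind: str         # "timer", "vm_probe", "file", "net" or "exit"
    detail: str = ""

# Activity an analyst expects from a sample that actually ran its payload.
PAYLOAD_KINDS = {"file", "net"}

def evasion_findings(trace, window=5):
    """Return sorted reasons why a trace looks like an evasive early exit."""
    exits = [i for i, e in enumerate(trace) if e.kind == "exit"]
    if not exits:
        return []
    before = trace[:exits[0]]
    if any(e.kind in PAYLOAD_KINDS for e in before):
        return []                      # sample did real work before exiting
    tail = before[-window:]            # last few events ahead of the exit
    findings = set()
    if any(e.kind == "vm_probe" for e in tail):
        findings.add("vm-check-then-exit")
    if sum(1 for e in tail if e.kind == "timer") >= 2:
        findings.add("timing-check-then-exit")   # two clock reads, then quit
    return sorted(findings)

def verdict(trace):
    """A quiet run is not a clean run: evasive exits go back for re-analysis."""
    return "re-analyse outside the sandbox" if evasion_findings(trace) else "score normally"

# Constructed sample traces.
VM_AWARE = [Event(0, "vm_probe", "hypervisor query"), Event(3, "exit")]
DEBUG_AWARE = [Event(0, "timer"), Event(900, "timer"), Event(901, "exit")]
ACTIVE = [Event(0, "timer"), Event(5, "file", "write"),
          Event(40, "net", "connect"), Event(9000, "exit")]

if __name__ == "__main__":
    for name, trace in [("vm-aware", VM_AWARE), ("debug-aware", DEBUG_AWARE),
                        ("active", ACTIVE)]:
        print(name, evasion_findings(trace), "->", verdict(trace))
```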

Security managers are also on the lookout for a more insidious technique – using a virus that has infected a VM to escape and infect the actual operating system – though that technique is still theoretical.

Read the original version of this story at TechTarget's SearchSecurity.com.
