Open Source and information security mailing list archives
 
Message-ID: <20040503085231.GD18926@mail>
From: trik-news at gmx.de (Spiro Trikaliotis)
Subject: Determining VMWare environment (was: Unpacking Sasser)

Hello,

* On Mon, May 03, 2004 at 08:56:51AM +0100 Lee wrote:
 
> I am intrigued by your points of malware understanding the environment
> 
> > "VM environment can be sensed by the code being tested and choose to
> > act entirely differently from how it would otherwise."
> 
> I have never seen this before, have you any pointers for me?  I use
> ESX server a lot and malware being able to detect my environment is
> something I haven't seen before. Would kind of go against the very
> nature of ESX server, like said, very interested in this as it would
> help to safeguard our testing environments.

There should be some ways to accomplish that. The VMWare "backdoor" port
might be one (!) good starting point:

http://chitchat.at.infoseek.co.jp/vmware/backdoor.html#top

Best regards,
   Spiro.

-- 
I'm subscribed to the mailing lists I'm posting,
so please refrain from Cc:ing me. Thank you.
:r .signature
:wq

