Message-ID: <000b01c430f1$66f06a60$0100a8c0@cparena1consol>
From: cheekypeople at sec33.com (Lee)
Subject: Determining VMWare environment (was: Unpacking Sasser)

That shows only for the Workstation version; ESX Server is a very different
product and setup.  Thanks for the heads up, I will test the files on an ESX
server.

Would the backdoor be found by the package, though? Would it be looking for
that?

Regards


Lee @ STS
http://www.seethrusec.co.uk
Building Knowledge and Security..
----- Original Message ----- 
From: "Spiro Trikaliotis" <trik-news@....de>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, May 03, 2004 9:52 AM
Subject: [Full-Disclosure] Determining VMWare environment (was: Unpacking
Sasser)


> Hello,
>
> * On Mon, May 03, 2004 at 08:56:51AM +0100 Lee wrote:
>
> > I am intrigued by your points of malware understanding the environment
> >
> > > "VM environment can be sensed by the code being tested and choose to
> > > act entirely differently from how it would otherwise."
> >
> > I have never seen this before, have you any pointers for me?  I use
> > ESX server a lot, and malware being able to detect my environment is
> > something I haven't seen before. Would kind of go against the very
> > nature of ESX server; like I said, very interested in this as it would
> > help to safeguard our testing environments.
>
> There should be some ways to accomplish that. The VMWare "backdoor" port
> might be one (!) good starting point:
>
> http://chitchat.at.infoseek.co.jp/vmware/backdoor.html#top
>
> Best regards,
>    Spiro.
>
> -- 
> I'm subscribed to the mailing lists I'm posting,
> so please refrain from Cc:ing me. Thank you.
> :r .signature
> :wq
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>