Comments on anti-virus rants: enough with the financially motivated malware

Feed author: kurt wismer (http://www.blogger.com/profile/03810635947269551517)
Last updated: 2023-08-26T05:04:33.009-04:00

kurt wismer (https://www.blogger.com/profile/03810635947269551517), 2008-04-17T08:06:00.000-04:00

@didier stevens:
while it's entirely true that some financially motivated malware wants to stay under the radar and will use vm detection to that end, the malware from yester-year also wants to stay under the radar and will use vm detection and/or any number of other anti-debugging techniques to make analysis more difficult...

that particular class of behaviours is not unique to financially motivated malware...

as vm's become more ubiquitous, however, malware authors may have to abandon that technique because environments like yours become too popular to give up on...

i do something similar in that i always browse from within a sandbox, but my aim is not to trick the malware into not operating... instead i'm just interested in having an environment which i can flush easily - that way i can have a fresh sandboxed environment to do online banking in...

Anonymous, 2008-04-17T05:22:00.000-04:00

Financially motivated malware wants to stay under your radar, one of the tactics is to stop executing as soon as it detects it's running inside a virtual machine (the programmer assumes that running inside a VM is a sign that the malware is being analyzed). This is one of the reasons why I do online banking inside a virtual machine. Even if my VM gets infected, I've a chance that the malware will not execute.

kurt wismer (https://www.blogger.com/profile/13189186727476710218), 2008-04-12T02:14:00.000-04:00

ha ha...

and considering how i feel about the topic, it's kind of ironic that the comment notification email for your comment went into my spam folder...

Andy, ITGuy (https://www.blogger.com/profile/09237512546845510001), 2008-04-09T05:56:00.000-04:00

Kurt, I heard that malware writers were motivated by money. What do you think? :)