
Looking for Malware that react with Virtual Machines


neotrace0

Newbie

Posts: 3

Joined: Mon Sep 25, 2006 1:21 am

Post Thu Jun 19, 2008 10:27 pm

Looking for Malware that react with Virtual Machines

I'm doing research on the way that malware and VMs interact with each other, especially VM-aware malware. I'm having a difficult time looking for examples of malware. I found this page http://securitylabs.websense.com/conten ... /2688.aspx but the example sum doesn't appear on offensivecomputing.net.

Any example or pointers that anyone has would be great. Thanks.

shakuni

Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Fri Jun 20, 2008 12:37 am

Re: Looking for Malware that react with Virtual Machines

Looking at that link, I assume that what you are asking for is malware that uses anti-VM tricks. Am I right? If yes, then redpill etc. are what you are looking for. Start at the following links and ask me if you have any problems.

handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
http://invisiblethings.org/papers/redpill.html
http://www.openrce.org/forums/posts/814
http://www.pelock.com/blog/2007/04/15/v ... ainst-trw/
http://eeyeresearch.typepad.com/blog/20 ... ware_.html

Maybe I will release my paper on these concepts soon.
Last edited by shakuni on Fri Jun 20, 2008 12:39 am, edited 1 time in total.
There is no rule, law or tradition that apply universally... including this one.

neotrace0

Newbie

Posts: 3

Joined: Mon Sep 25, 2006 1:21 am

Post Fri Jun 20, 2008 7:53 pm

Re: Looking for Malware that react with Virtual Machines

Here are the current URLs I've come across, including the ones you provided. These are providing me with the fundamental understanding that I need, but I would like to perform some real-world tests.

http://www.blackhat.com/presentations/b ... 6-Zovi.pdf
http://www.offensivecomputing.net/?q=node/205
http://searchsecurity.techtarget.com/ex ... 29,00.html
http://recon.cx/2008/speakers.html#polymorph
http://www.offensivecomputing.net/files/active/0/vm.pdf
http://www.openrce.org/forums/posts/814
http://taviso.decsystem.org/virtsec.pdf
http://www.cs.cmu.edu/~jfrankli/hotos07 ... otos07.pdf
http://isc.sans.org/diary.html?storyid= ... a6ef5d1417
http://www.techworld.com/security/news/ ... ewsid=9653
http://vil.nai.com/vil/content/v_139328.htm
http://securitylabs.websense.com/conten ... /2688.aspx
http://www.stanford.edu/~talg/papers/HO ... otos07.pdf
http://www.eecs.umich.edu/virtual/papers/king06.pdf
http://eeyeresearch.typepad.com/blog/20 ... ware_.html
http://www.linklogger.com/vm_capture.htm
http://labs.neohapsis.com/
http://www.pelock.com/blog/2007/04/15/v ... ainst-trw/
http://vil.nai.com/vil/content/v_134117.htm
http://www.blackhat.com/presentations/b ... Butler.pdf
http://www.cs.nps.navy.mil/people/facul ... 0-0611.pdf
http://www.offensivecomputing.net/dc14/ ... spiral.pdf
http://www.matasano.com/log/955/you-can ... rtualized/
http://handlers.sans.org/tliston/Thwart ... koudis.pdf

I'm still having trouble finding a repository of rootkits/malware/etc. to actually test on XP or Vista VMs or bare-metal machines. I know they are out there, but it seems there has got to be a better way than searching for VM-aware malware, finding a checksum and then hoping Offensive Computing has it?

shakuni

Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Sat Jun 21, 2008 12:57 am

Re: Looking for Malware that react with Virtual Machines

So basically you are asking for the source code of malware that uses anti-VM tricks. I don't know whether it is allowed to discuss these things on the forums. So wait until don allows us to share these things. Or read a bit about Google hacking. There are thousands of repositories of malware sources out there.

Until then I suggest you write simple "hello world" viruses and then use anti-VM tricks in them (from the links that I gave you) to test whether the tricks work on the desired platform or VM.

-shakuni
There is no rule, law or tradition that apply universally... including this one.

neotrace0

Newbie

Posts: 3

Joined: Mon Sep 25, 2006 1:21 am

Post Mon Jun 23, 2008 1:47 pm

Re: Looking for Malware that react with Virtual Machines

Great idea, I'll give that a try, thank you for your time.
