Given that its possible for a program to detect that its being run under a debugger, wouldn't it be possible for a virus to behave differently in the debug environment?
IE: how do you know that the behavior you see in the lab reflects behavior in the real world? (I get a kind of 'schrodingers cat' deja vu).
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html