[Full-Disclosure] Determining VMWare environment (was: Unpacking Sasser)
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Determining VMWare environment (was: Unpacking Sasser)
- From: Spiro Trikaliotis <trik-news@xxxxxx>
- Date: Mon, 3 May 2004 10:52:31 +0200
Hello,
* On Mon, May 03, 2004 at 08:56:51AM +0100 Lee wrote:
> I am intrigued by your points of malware understanding the environment
>
> > "VM environment can be sensed by the code being tested and choose to
> > act entirely differently from how it would otherwise."
>
> I have never seen this before, have you any pointers for me? I use
> ESX server a lot and malware being able to detect my environment is
> something I haven't seen before. Would kind of go against the very
> nature of ESX server, like said, very interested in this as it would
> help to safeguard our testing environments.
there should be some ways to accomplish that. The VMWare "backdoor" port
might be one (!) good starting point:
http://chitchat.at.infoseek.co.jp/vmware/backdoor.html#top
Best regards,
Spiro.
--
I'm subscribed to the mailing lists I'm posting,
so please refrain from Cc:ing me. Thank you.
:r .signature
:wq
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html