An automatic anti-anti-VMware technique applicable for multi-stage packed malware

3rd International Conference on Malicious and Unwanted Software, MALWARE 2008

Volumn , Issue , 2008, Pages 17-23

  Sun, Li ^a   Ebringer, Tim ^b   Boztaş, Serdar ^a  

^a RMIT UNIVERSITY   (Australia)

^b UNIVERSITY OF MELBOURNE   (Australia)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; PACKERS;

ANTI VIRUSES; ASSEMBLY CODES; AUTOMATED CONTROLS; CURRENT GENERATIONS; MALICIOUS CODES; MALWARE; MALWARE ANALYSIS; VIRTUALISATION;

CODES (SYMBOLS);

EID: 58149103803     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/MALWARE.2008.4690853     Document Type: Conference Paper

References (17)

1. Matthew Carpenter, Tom Liston, and Ed Sloudis. Hiding virtualization from attackers and malware. IEEE Security & Privacy, 5(3):62-65, 2007.
2. Peter Ferrie. Anti-unpacker tricks. http://www.datasecurity-event.com/ uploads/unpackers.pdf, May 2008. 2nd CARO Workshop.
3. Lawrence A. Gordon, Martin P. Loeb, William Lucyshyn, and Robert Richardson. Csi/fbi computer crime and security survey, 2006. http://i.cmpnet.com/gocsi/db-area/pdfs/fbi/FBI2006.pdf.
4. Ken Kato. Vm back. http://chitchat.at.infoseek.co.jp/vmware/backdoor. html.
5. Tobias Klein. Jerry - a(nother) vmware fingerprint suite. http://www.trapkit.de/research/vmm/jerry/index.html, 2003.
6. Tobias Klein. Scoopy doo - vmware fingerprint suite. http://www.trapkit. de/research/vmm/scoopydoo/index.html, 2003.
7. Kostya Kortchinsky. Honeypots: Counter measures to vmware fingerprinting, http://seclists.org/honeypots/2004/q1/0015.html, 2004.
8. Elias Aka Lallous. Detect if your program is running inside a virtual machine. http://www.codeproject.com/system/VmDetect.asp, Apr 2005.
9. Tom Liston and Ed Sloudis. On the cutting edge: thwarting virtual machine detection. handlers. sans.org/tliston/ThwartingVMDetection-Liston-Skoudis.pdf, 2006.
10. Guillaume Lovet. Dirty money on the wires: The business models of cyber criminals. In Virus Bulletin 2006, Montréal, Canada, Oct 2006.
11. Hamish O'Dea. Trapping worms in a virtual net. In Virus Bulletin 2004, Fairmont Chicago, Illinois, USA., Sep 2004.
12. Alfredo Andres Omella. Methods for virtual machine detection. www.s21sec.com/descargas/vmware-eng.pdf, Jun 2006.
13. Danny Quist and V. Smith. Detecting the presence of virtual machines using the local data table. http://www.offensivecomputing.net/dcl4/vm.pdf, 2005.
14. Danny Quist and V. Smith. Further down the vm spiral. http://www.offensivecomputing.net/dcl4/furthur-down-the-vm-spiral.pdf, Aug 2006.
15. John Scott Robbin and Cynthia E. Irvine. Analysis of the intel Pentium's ability to support a secure virtual machine monitor. In Proceedings of the 9th USENIX Security Symposium, Denver .CO, Aug 2000.
16. [ 16] Joanna Rutkowska. Red pill...or how to detect vmm using one cpu instruction. http://incisiblethings.org/papers/redpill.html, 2004.
17. Oreans Technologies. Themida. http://www.oreans.com/ThemidaWhatsNew.php.