Once a security researcher discovers a new strain of malicious software -- running a virtual machine on a test-bench -- and adds its signature to anti-virus and network monitor blacklists, it's game over. So today's malware devotes enormous energy to figuring out if it's running on a real computer, or inside one of its enemies' virtual worlds.
A presentation from UCSM's professor Giovanni Vigna (who runs the Center for CyberSecurity and Seclab), he's seeing more and more malware that keeps its head down on new infection sites, cautiously probing the operating system to try and determine if it's running on a real computer or if it's a head in a jar, deploying all kinds of tricks to get there.
Ben Rosenbaum and I wrote a Hugo-nominated novella called True Names in which duelling AI superintelligences try to run versions of each other inside virtual environments as part of their overall strategy and tactics.
Every system call is a gamble for the malware. Though the compiled binary is far harder to analyse, even when running, than its source code would be, it will still need a good excuse to begin looking up the list of its host system’s running processes – in reality seeking out the presence of known analysis tools that might be watching it. Prof. Vigna’s own Anubis malware analysis software is on the malware-writer’s ‘hit list’.
Vigna has also found malware source code that specifically seeks out the user ‘Andy’ in a new environment, as this reflects the name of one of his team in earlier VM battles with malware authors.
Some of this paranoia is contextual – looking up system processes would likely be a red flag in a freeware text editor but merely a routine and expected environment check for a defragger, which would be looking for system elements that may prevent routine system housecleaning.
The malware of the future may come bearing real gifts
[Martin Anderson/The Stack]
Writing in MIT Tech Review, Talking Heads frontman David Byrne points out the secret and, in retrospect, obvious driving force behind tech: it reduces the often awkward and unreliable process of dealing with people, so you can buy music without asking friends for recommendations, take a cab without talking to a dispatcher, buy your groceries […]
Most people don’t look at any news, or at one news site; using social media a lot (even without the intention of looking for news) means that sometimes you’ll end up clicking a news link — so heavy social media users, on average, are consuming a wider media diet than those who do not use […]
In 2012, Google introduced Certificate Transparency, an internet-wide tripwire system designed to catch cryptographic “certificate authorities” who abused their position to produce counterfeit credentials that would allow criminals, governments and police to spy on and tamper with secure internet connections.
The Pry.Me Bottle Opener holds tens of thousands of times its own weight, and you can pick one up now from the Boing Boing Store.This remarkable keychain is considerably smaller than any of your keys, but don’t let that fool you: it can easily open any bottle, and could even tow a trailer full of […]
Guaranteeing your privacy online goes way beyond checking the “Do Not Track” option in your browser’s settings. To ensure that your internet activity is totally hidden from Internet Service Providers, advertisers, and other prying eyes, take a look at Windscribe’s VPN protection. It usually costs $7.50 per month, but you can get a 3-year subscription […]
This project management bundle will help you get organized and learn how to lead a team to success. You can pay what you want for these five courses when you pick them up from the Boing Boing Store.To help you become an invaluable asset for your company, this bundle includes a curated collection of professional […]