Once a security researcher discovers a new strain of malicious software -- by running it in a virtual machine on a test bench -- and adds its signature to anti-virus and network monitor blacklists, it's game over. So today's malware devotes enormous energy to figuring out whether it's running on a real computer or inside one of its enemies' virtual worlds.
In a presentation, UCSB professor Giovanni Vigna (who runs the Center for CyberSecurity and Seclab) says he's seeing more and more malware that keeps its head down on new infection sites, cautiously probing the operating system to try to determine whether it's running on a real computer or is a head in a jar, deploying all kinds of tricks to get there.
Ben Rosenbaum and I wrote a Hugo-nominated novella called True Names in which duelling AI superintelligences try to run versions of each other inside virtual environments as part of their overall strategy and tactics.
Every system call is a gamble for the malware. Though the compiled binary is far harder to analyse, even when running, than its source code would be, it will still need a good excuse to begin looking up the list of its host system’s running processes – in reality seeking out the presence of known analysis tools that might be watching it. Prof. Vigna’s own Anubis malware analysis software is on the malware-writer’s ‘hit list’.
Vigna has also found malware source code that specifically seeks out the user ‘Andy’ in a new environment, as this reflects the name of one of his team in earlier VM battles with malware authors.
Some of this paranoia is contextual – looking up system processes would likely be a red flag in a freeware text editor but merely a routine and expected environment check for a defragger, which would be looking for system elements that may prevent routine system housecleaning.
The malware of the future may come bearing real gifts
[Martin Anderson/The Stack]
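The contextual rule in the excerpt (process enumeration is a red flag for a text editor but routine for a defragger) can be turned into a sandbox-side heuristic. The following is an added example, not code from the article, Vigna's group or Anubis: it scores a constructed API trace from a sandbox run, using the Win32 call names as they are, while the grouping of calls, the app-class profiles and the sample traces are assumptions made here.

```python
"""Score a sandbox API trace for host-fingerprinting behaviour."""

# Added example, not from the article: Win32 calls grouped by what
# the sample learns from them (API names are real, grouping is ours).
FINGERPRINT_CALLS = {
    "CreateToolhelp32Snapshot": "process_enum",
    "Process32Next": "process_enum",
    "GetUserNameW": "user_lookup",
}
STRING_COMPARE_CALLS = {"lstrcmpiW", "StrStrIW"}
# Artifacts named in the article: the Anubis analysis system and the
# analyst username 'Andy'. A real deployment would use its own list.
SANDBOX_ARTIFACTS = {"anubis", "andy"}
# Constructed profiles: probe families that are routine for an app class.
APP_PROFILES = {"text_editor": set(), "defragmenter": {"process_enum"}}

def score_trace(trace, app_class):
    """trace: list of (api_name, args) tuples in call order.
    Returns (score, findings); a higher score is more evasion-like."""
    expected = APP_PROFILES.get(app_class, set())
    findings, score = [], 0
    # 1. Probe families the declared app class has no business running.
    families = {FINGERPRINT_CALLS[a] for a, _ in trace if a in FINGERPRINT_CALLS}
    for fam in sorted(families - expected):
        findings.append(f"unexpected {fam} for {app_class}")
        score += 1
    # 2. Probe results compared against known analysis-environment names.
    hits = set()
    for api, args in trace:
        if api in STRING_COMPARE_CALLS:
            for arg in args:
                hits.update(x for x in SANDBOX_ARTIFACTS if x in str(arg).lower())
    for x in sorted(hits):
        findings.append(f"compares against analysis artifact '{x}'")
        score += 2
    # 3. Probing followed by a quiet exit is the 'head down' pattern.
    if findings and trace and trace[-1][0] == "ExitProcess":
        findings.append("exits immediately after probing")
        score += 1
    return score, findings

# Constructed traces: a 'text editor' that fingerprints, and a defragger.
EDITOR_TRACE = [("CreateFileW", ("notes.txt",)), ("CreateToolhelp32Snapshot", ()),
                ("Process32Next", ("explorer.exe",)), ("Process32Next", ("anubis.exe",)),
                ("lstrcmpiW", ("anubis.exe", "anubis.exe")), ("GetUserNameW", ("Andy",)),
                ("lstrcmpiW", ("Andy", "andy")), ("ExitProcess", (0,))]
DEFRAG_TRACE = [("CreateToolhelp32Snapshot", ()), ("Process32Next", ("explorer.exe",)),
                ("DeviceIoControl", ("\\\\.\\PhysicalDrive0",))]

if __name__ == "__main__":
    print("editor:", score_trace(EDITOR_TRACE, "text_editor"))
    print("defrag:", score_trace(DEFRAG_TRACE, "defragmenter"))
```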
Frontier is the bottom-rung of the top-tier of US ISPs, serving customers in 29 states. Despite enjoying monopoly control over its customers' online lives, and despite massive government handouts and a lackadaisical approach to maintenance, and despite out-and-out theft from customers, the company is filing for bankruptcy, having accumulated $16.3b in debt through mismanagement.
Bruce Schneier's Foreign Policy essay on 5G security argues that we're unduly focused on the possibility of Chinese manufacturers inserting backdoors or killswitches in 5G equipment, and not focused enough on intrinsic weakness in a badly defined, badly developed standard wherein "near-term corporate profits prevailed against broader social good."
Long before 4chan and other anything-goes forums existed, every major online community had a similar community: the Well had its "weird" forum, Usenet had alt.syntax.tactical (among others), and Something Awful had the "Fuck You and Die" forum, where people were funny, mean, obscene, and gross, sometimes all at once.