With the decreasing effectiveness of endpoint protection suites, information security professionals are turning to alternative approaches to detect the presence of advanced malware.
One approach analyzes inbound suspicious files and malware by allowing them to run in a virtual machine environment, in the hope of positively identifying malware and extracting forensic data to aid remediation or to create signatures that block the infection vectors.
This approach is well known to botnet operators and cybercriminals, and workarounds are increasingly popular. As a result, there are a variety of techniques the bad guys can use to detect a virtualized environment and evade analysis within it.
This paper is a primer on malware virtualization and the techniques criminals use to detect a VM environment and evade analysis.