Malicious execution stopped when virtual environment is detected.
Researchers at F-Secure have found a variant of the ‘Flashback’ trojan for Mac (a fake Adobe Flash Player update) that is capable of detecting whether it is run in a virtual environment.
Virtualization is a technique commonly used by malware researchers as it allows them to run the malware in a safe environment. To frustrate researchers and to avoid detection, malware authors regularly build in anti-virtualization techniques: the malware tries to detect whether it is running in a virtual environment and does not run if this is the case, thus hiding its malicious activity.
While such techniques are commonly seen in Windows malware, Mac malware using anti-virtualization techniques had not hitherto been seen. This is yet another example that shows that Mac malware is not only becoming more prevalent but also more advanced.
More at F-Secure's blog here.
Posted on 12 October 2011 by Virus Bulletin