Sandboxing was one of the best ways to test the security of programs and files. Until now…
As technological advancements continue to be made, malware authors aren’t far behind. Malware creators are now finding ways to determine whether their malware is being installed on a virtual machine, or “sandboxed”, and if so, it lies dormant to avoid detection.
Many individuals use virtual machines to test potential malware samples, because running a sample on a virtual machine mitigates the risk of the malware spreading. However, malware authors have now found a way to identify whether the malware is running on a virtual machine. Upon recognizing that it is being sandboxed, the malware goes dormant.
One way, researchers have found, is for the malware to collect data from the “Recent Documents” option within the PC. If there are more than a few documents there, then the machine is deemed a legitimate PC and the malware proceeds with the infection. Now we’re thinking, if we just load up our virtual machines with “Recent Documents” they’ll never be the wiser. Wrong. According to Yahoo Tech, the anti-sandbox malware also detects the IP of the system and cross-references it with a known blacklist of security firm addresses. So if it finds itself in the midst of a security empire, it’ll again go into hiding.
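For analysts who maintain their own sandbox images, here is an added example (not from the article or from Yahoo Tech) that audits a guest for the two tells described above: a near-empty “Recent Documents” list and an egress IP inside a range attributable to the lab. The threshold of 5, the function names, the sample `.lnk` files and the documentation-range addresses are all assumptions made for illustration.

```python
import ipaddress
import tempfile
from pathlib import Path

# Assumption: the article only says "more than a few" documents; 5 is a placeholder.
MIN_RECENT_ITEMS = 5

def count_recent_items(recent_dir):
    """Count shortcut entries in a Recent Documents folder
    (on Windows guests: %APPDATA%\\Microsoft\\Windows\\Recent)."""
    p = Path(recent_dir)
    return sum(1 for e in p.iterdir() if e.is_file()) if p.is_dir() else 0

def ip_is_attributable(egress_ip, org_ranges):
    """True if the guest's egress IP sits inside a range tied to the lab."""
    ip = ipaddress.ip_address(egress_ip)
    return any(ip in ipaddress.ip_network(r) for r in org_ranges)

def audit_analysis_vm(recent_dir, egress_ip, org_ranges,
                      min_recent=MIN_RECENT_ITEMS):
    """Return a list of findings; an empty list means neither tell is present."""
    findings = []
    n = count_recent_items(recent_dir)
    if n < min_recent:
        findings.append(f"recent-documents: only {n} item(s); guest looks unused")
    if ip_is_attributable(egress_ip, org_ranges):
        findings.append(f"egress-ip: {egress_ip} is inside a lab-attributable range")
    return findings

def demo():
    """Audit two constructed guests: a fresh image and a 'lived-in' one."""
    org_ranges = ["198.51.100.0/24"]  # constructed: RFC 5737 documentation range
    with tempfile.TemporaryDirectory() as fresh, \
         tempfile.TemporaryDirectory() as aged:
        (Path(fresh) / "readme.lnk").touch()
        for i in range(8):
            (Path(aged) / f"report_{i}.lnk").touch()
        return (audit_analysis_vm(fresh, "198.51.100.23", org_ranges),
                audit_analysis_vm(aged, "203.0.113.40", org_ranges))

if __name__ == "__main__":
    for result in demo():
        print(result or "no findings")
```

Passing both checks only covers the two signals this article names; it says nothing about other ways a guest can be identified as a virtual machine.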