

Latest Storm Worm - Is It A Vmware Or Virtual Pc Hopper?


#1 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:10:15 AM

Posted 26 July 2007 - 08:54 AM

The Storm worm (aka Nuwar) is one of the worst threats out there as it contains some of the latest advancements in malware techniques (including very realistic social engineering on its latest e-card versions). While most users don't run Virtual Machine environments, one variant seems to be searching for it to possibly hide better or even damage other logical partitions.

Latest Storm Worm - Is it a VMware or Virtual PC hopper?

While the Storm worm hasn't brought anything really new, the authors definitely went a step further – the Storm worm's code looks much better than a lot of malware we've seen. And besides that, you have a custom packer that makes analysis and detection more difficult, rootkit capabilities so it's completely hidden, P2P botnet control and so on.

While analyzing one sample I noticed that the Storm worm tries to detect if it's running in a virtual environment. This became pretty popular with malware writers lately. The main reason they're doing this is (presumably) to make analysis more difficult. The first step in malware analysis today is typically to run it in an isolated environment and to monitor its behavior.
