Latest Storm Worm - Is it a VMware or Virtual PC hopper?
While the Storm worm hasn't brought anything really new, the authors definitely went a step further - the Storm worm's code looks much better than a lot of malware we've seen. And besides that, you have a custom packer that makes analysis and detection more difficult, rootkit capabilities so it's completely hidden, P2P botnet control and so on.
While analyzing one sample I noticed that the Storm worm tries to detect if it's running in a virtual environment. This has become pretty popular with malware writers lately. The main reason they're doing this is (presumably) to make analysis more difficult. The first step in malware analysis today is typically to run the sample in an isolated environment and to monitor its behavior.