ISW
2007
Springer

Detecting System Emulators

Malware analysis is the process of determining the behavior and purpose of a given malware sample (such as a virus, worm, or Trojan horse). This process is a necessary step to be able to develop effective detection techniques and removal tools. Security companies typically analyze unknown malware samples using simulated system environments (such as virtual machines or emulators). The reason is that these environments ease the analysis process and provide more control over executing processes. Of course, the goal of malware authors is to make the analysis process as difficult as possible. To this end, they can equip their malware programs with checks that detect whether their code is executing in a virtual environment, and if so, adjust the program’s behavior accordingly. In fact, many current malware programs already use routines to determine whether they are running in a virtualizer such as VMware. The general belief is that system emulators (such as Qemu) are more difficult to det...
Added: 08 Jun 2010
Updated: 08 Jun 2010
Type: Conference
Year: 2007
Where: ISW
Authors: Thomas Raffetseder, Christopher Krügel, Engin Kirda