Which of the following techniques can malware employ to avoid detection by honey ports installed on virtual machines?

Last Updated on February 9, 2022 by Admin 2

  • The malware can detect the virtual machine by its MAC address and disable certain features
  • The malware can periodically move its host directory in order to evade file integrity monitoring
  • The malware can run under a new user that was previously unknown to the system
  • The malware can spawn a new process for VMware tools and disable the internal communications channel to the host

Explanation:
If malware can detect that it is running in a virtual machine environment, it may be designed to disable certain features to avoid detection. It may lie dormant or send a signal back to a command-and-control centre notifying it that the host is a VM. By contrast, creating new users, spawning new processes or changing host directories may alert host-based IDS or file integrity systems to the malware's presence.