Last Updated on February 9, 2022 by Admin 2
Which of the following techniques can malware employ to avoid detection by honey ports installed on virtual machines?
- The malware can detect the virtual machine by its MAC address and disable certain features
- The malware can periodically move its host directory in order to evade file integrity monitoring
- The malware can run under a new user that was previously unknown to the system
- The malware can spawn a new process for VMware tools and disable the internal communications channel to the host
Explanation:
If malware can detect a virtual machine environment, it may be designed to disable certain features to avoid detection. It may lie dormant or send a signal back to a command and control centre indicating that the host is a VM. By creating new users, spawning new processes or changing host directories, the tool may alert host-based IDS or file integrity systems to its presence.