nerdexam
GIAC

GCIH · Question #548

Which of the following techniques can malware employ to avoid detection by honey ports installed on virtual machines?

The correct answer is A. The malware can detect the virtual machine by its MAC address and disables certain features. If malware can detect a virtual machine environment, it may be designed to disable certain features to avoid detection. It may lay dormant or send a signal back to a command and control centre notifying that the host is a VM. By creating new users, new processes or changing host

Malware Analysis & Advanced Persistent Threats

Question

Which of the following techniques can malware employ to avoid detection by honey ports installed on virtual machines?

Options

  • AThe malware can detect the virtual machine by its MAC address and disables certain features
  • BThe malware can periodically move its host directory in order to evade file integrity monitoring
  • CThe malware can run under a new user that was previously unknown to the system
  • DThe malware can spawn a new process for VMware tools and disable the internal

How the community answered

(57 responses)
  • A
    81% (46)
  • B
    11% (6)
  • C
    2% (1)
  • D
    7% (4)

Explanation

If malware can detect a virtual machine environment, it may be designed to disable certain features to avoid detection. It may lay dormant or send a signal back to a command and control centre notifying that the host is a VM. By creating new users, new processes or changing host directories, the tool may alert host based IDS or file integrity systems of its presence.

Topics

#VM detection#malware evasion#MAC address fingerprinting#anti-analysis

Community Discussion

No community discussion yet for this question.

Full GCIH Practice