GCIH · Question #548
Which of the following techniques can malware employ to avoid detection by honey ports installed on virtual machines?
The correct answer is A. The malware can detect the virtual machine by its MAC address and disables certain features. If malware can detect a virtual machine environment, it may be designed to disable certain features to avoid detection. It may lay dormant or send a signal back to a command and control centre notifying that the host is a VM. By creating new users, new processes or changing host
Question
Which of the following techniques can malware employ to avoid detection by honey ports installed on virtual machines?
Options
- AThe malware can detect the virtual machine by its MAC address and disables certain features
- BThe malware can periodically move its host directory in order to evade file integrity monitoring
- CThe malware can run under a new user that was previously unknown to the system
- DThe malware can spawn a new process for VMware tools and disable the internal
How the community answered
(57 responses)- A81% (46)
- B11% (6)
- C2% (1)
- D7% (4)
Explanation
If malware can detect a virtual machine environment, it may be designed to disable certain features to avoid detection. It may lay dormant or send a signal back to a command and control centre notifying that the host is a VM. By creating new users, new processes or changing host directories, the tool may alert host based IDS or file integrity systems of its presence.
Topics
Community Discussion
No community discussion yet for this question.