Cyber Scarecrow

(www.cyberscarecrow.com)
606 points toby_tw | 2 comments
iforgotpassword ◴[] No.40715345[source]
Narrator: and so the arms race continues.

I guess if this gets enough attention, malware will just add more sophisticated checks and not just look at the exe name.

But on that note, I wondered the same thing at my last workplace where we'd only run Windows in virtual machines. Sometimes these were quite outdated regarding system and browser updates, and some non-tech staff used them to browse random websites. They were never hit by any crypto malware and whatnot, which surprised me a lot at first, but at some point I realized the first thing you do as even a halfway decent malware author is check whether you run in a virtualized environment.

replies(2): >>40715417 #>>40715526 #
curtisblaine ◴[] No.40715417[source]
> I guess if this gets enough attention, malware will just add more sophisticated checks and not just look at the exe name.

But more sophisticated detection means bigger payload (making the malware easier to detect) and more complexity (making the malware harder to make / maintain), so mission accomplished.

replies(3): >>40715455 #>>40715544 #>>40722248 #
saagarjha ◴[] No.40715455[source]
Not by much. Probably less effort than you're putting in trying to avoid the malware, so it's a net loss.
replies(1): >>40715569 #
1. xiphias2 ◴[] No.40715569[source]
The more scarecrow is installed, the easier it gets for real security researchers to hide from these checks and detect viruses. So actually the dynamic helps security research.
replies(1): >>40716747 #
2. saagarjha ◴[] No.40716747[source]
That's not how this works.