Cyber Scarecrow

(www.cyberscarecrow.com)
606 points toby_tw | 1 comments
iforgotpassword ◴[] No.40715345[source]
Narrator: and so the arms race continues.

I guess if this gets enough attention, malware will just add more sophisticated checks and not just look at the exe name.

But on that note, I wondered the same thing at my last workplace where we'd only run Windows in virtual machines. Sometimes these were quite outdated regarding system and browser updates, and some non-tech staff used them to browse random websites. They were never hit by any crypto malware and whatnot, which surprised me a lot at first, but at some point I realized the first thing you do as even a halfway decent malware author is checking whether you run in a virtualized environment.

replies(2): >>40715417 #>>40715526 #
curtisblaine ◴[] No.40715417[source]
> I guess if this gets enough attention, malware will just add more sophisticated checks and not just look at the exe name.

But more sophisticated detection means bigger payload (making the malware easier to detect) and more complexity (making the malware harder to make / maintain), so mission accomplished.

replies(3): >>40715455 #>>40715544 #>>40722248 #
1. GordonS ◴[] No.40722248[source]
Nope, just check the process executable's digital signature - pretty simple.