As companies use virtual machines in operational environments, more malware is able to execute.
According to research by Symantec, most malware used to make a quick exit on virtual machines, but just 18 per cent of malware programs studied stop executing when a VM is detected, wrote Candid Wueest, a threat researcher, in a blog post Tuesday and reported PC World
One trick employed by malware to avoid being booted from a VM by security software is to simply wait, Symantec’s report said. If a new file doesn’t act suspicious in the first five or ten minutes, systems will likely decided it is harmless. Other types of malware will wait for a certain number of left mouse clicks before decrypting themselves and launching their payload, Wueest wrote.