The SANS Institute is reporting about some malicious program able to recognize virtual machines and avoid installing on them.
Since virtual machines are a great solution for covering honeypot role, some worm writers may want delay their malware discovery refusing to install inside virtual environments.
While this behaviour is meaningful today, it’s doomed to change within few years, when virtual machines will be a de-facto standard both for server and for client (think about VDI) population.
Meanwhile SANS suggests to run a piece of code on physical machines so that they mimick virtual machines answer. This may slow down infections better than any antivirus…
Read the whole article at source.