VMware/sandbox aware malware

Greetings to all!

Its great to see the Comodo’s CIMA is working online and serving multiple users. Great job guys!.

I tried to find if CIMA has got ability to process VMware/Sandbox aware malware. I have not found any topic on it and hence thought to start a new topics which may help CIMA dev guys. There are some malwares which does not setup in virtual environment and hence may not show any malicious behavior. Does CIMA deal with such malwares?


I also would like to know if CIMA is able to detect Conficker-worms ?

Here is agood article about the Conficker code.
It is VMWare aware and shuts itself down and hides when it detects that it is running under VM.


The conficker/Downadup worm is the recent most affecting malware. Also find a good analysis of conficker at http://mtc.sri.com/Conficker/. Hope this may be helpful to the research team.

That’s a cheep antivirus, just let the malware think your “real” system is running “virtual” and it goes to sleep :wink: