So all I need to do is make my computer look like a virus researcher's machine and viruses will turn benign?
Researcher James Wyke has discovered throw-off tactics used by malware to frustrate investigators. These tactics were part of a suite of impressive methods VXers used to find technical artifacts that could help them distinguish between computers belonging to victims and those used by malware researchers. While malware writers …
With VMware, it's not hard to detect: Just look at the BIOS vendor string. It mentions VMware quite prominently. You can also look for VMware-only drivers (e.g. VXNet). Another option is to try the I/O interface that VMware tools uses to communicate with the VMware hypervisor.
I suspect you can use similar tricks with other hypervisors.
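As an added example (not code from the thread or any commenter), a small audit a researcher can run inside a Linux analysis VM to list the VMware fingerprints the comment above names (BIOS/DMI vendor strings and VMware-only drivers), so the guest can be hardened before a sample is detonated; the sysfs and /proc paths, the marker lists and the sample values are assumptions of this example.

```python
"""Audit an analysis VM for the VMware artifacts the thread mentions, so a
researcher knows which fingerprints could let a sample stay dormant."""
import os

# Marker substrings (assumed): the vendor string check from the thread and
# VMware-only drivers. The thread's "VXNet" is read here as the vmxnet NIC.
VENDOR_MARKERS = ("vmware",)
DRIVER_MARKERS = ("vmw_", "vmxnet", "vmmouse", "vmhgfs")
DMI_FIELDS = ("sys_vendor", "bios_vendor", "product_name", "board_vendor")


def read_dmi(base="/sys/class/dmi/id"):
    """Collect DMI/SMBIOS strings from sysfs (empty dict on non-Linux)."""
    out = {}
    for name in DMI_FIELDS:
        try:
            with open(os.path.join(base, name)) as fh:
                out[name] = fh.read().strip()
        except OSError:
            pass
    return out


def read_modules(path="/proc/modules"):
    """Return loaded kernel module names (empty list if unreadable)."""
    try:
        with open(path) as fh:
            return [line.split()[0] for line in fh if line.strip()]
    except OSError:
        return []


def find_vmware_artifacts(dmi, modules):
    """Pure check: (kind, value) pairs that expose VMware, case-insensitive."""
    hits = []
    for field, value in sorted(dmi.items()):
        if any(m in value.lower() for m in VENDOR_MARKERS):
            hits.append(("dmi:" + field, value))
    for mod in modules:
        if any(m in mod.lower() for m in DRIVER_MARKERS):
            hits.append(("module", mod))
    return hits


# Constructed sample of what a stock VMware guest typically exposes (not
# captured from a real host), so the check can be demonstrated offline.
SAMPLE_DMI = {"sys_vendor": "VMware, Inc.", "bios_vendor": "Phoenix Technologies LTD",
              "product_name": "VMware Virtual Platform"}
SAMPLE_MODULES = ["vmw_balloon", "vmxnet3", "ext4", "e1000"]

if __name__ == "__main__":
    # Report the live host's artifacts; fall back to the sample off-VM.
    found = find_vmware_artifacts(read_dmi(), read_modules())
    for kind, value in found or find_vmware_artifacts(SAMPLE_DMI, SAMPLE_MODULES):
        print(f"{kind}: {value}")
```

An empty result from the live check means none of these particular artifacts are visible; it does not rule out the I/O interface probe or other hypervisor checks the thread alludes to.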
Malware writers have been trying to avoid being detected for years - staying dormant till certain triggers are met (wait period, time/date, user activity), checking for other applications researchers use (IDA, Hiew, Wireshark, VM, etc.), hiding behavior from static analysis, heuristics and emulators, etc.?
Yes, you are correct! Advanced Persistent Threats (APT) are already a reality in the web world. Only a very blended defense can possibly hope to indicate the level of infection. Now, I will temper that with a nation state actors warning, that will defeat any defense you have - but the behaviors of your system will belie this threat! If you suspect this - I recommend you trash this computer and get another one, the infection level is so pervasive that nothing - not hardware or software - is forever trustworthy from then on!!!
Even your ISP could be compromised by then! Don't admit to the depth of your suspicions to the service provider - just explain the symptoms and complain in an ordinary way. Do NOT admit that your paranoia includes such a calamitous attack. Just concentrate on their vulnerabilities and berate them for it - and try to threaten them with state action to their service reliability and reputation. It is all you can do - with the level the enemy has at his disposal. I have friends with Intellectual Property rights that could affect the national security of nations, that have been totally pwned with a combination of Apple products and Android devices; so don't assume this will be a protection. Never assume anything - my TELCO is under attack for service reliability for just discussing the problem I am having with my clients. The FBI and all other federal agencies are not even as good as Keystone Cops - so just forget any help from your government sources. I include UK sources as well.