I can't find anything via Google that mentions how honeypot whores typically get around the ability to detect virtualization (there are a few methods, but they are all pretty hacky... like changing VMware device strings, and patches that no longer work to turn off the ability for guests to molest the hypervisor). Long story short, it seems like a better idea to go with a physical box (especially since I am interested primarily in botnet clients, pulled off 4chan, etc.). Sure, you can't have multiple anus haxxings going on in parallel if you are using hardware directly, but at least the malware won't magically die as soon as it starts.
How would you automate getting back to an uninfected disk image? I am considering network boot, or a fake USB device (I am not sure if that's possible... having another box emulate a USB drive). I'm sure something more inventive involving LISP can be concocted here.
btw, I have some enterprise-class 233 MHz boxes sitting around, and would prefer to use them. Of course, these won't even support the two things I mentioned, so... I'm hoping something even lower to the hardware is possible.
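On the reimaging question, here is an added example, not something posted in this thread: a POSIX sh script meant to run from a network-booted rescue environment (PXE into a RAM-resident rescue OS, so the infected disk is never booted). It fetches the golden image, refuses it unless its SHA-256 matches a value recorded when the image was made, writes it to the disk, reads the disk back and checks the hash again, then reboots. The image URL, the placeholder hash and /dev/sda are assumptions; everything else is standard coreutils/curl.

```shell
#!/bin/sh
# Added example, not from the thread: re-image a bare-metal honeypot host
# from a PXE-booted rescue environment. IMAGE_URL, IMAGE_SHA256 and
# TARGET_DISK are assumptions; override them in the environment.

IMAGE_URL=${IMAGE_URL:-http://192.0.2.10/honeypot-golden.img}
IMAGE_SHA256=${IMAGE_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}
TARGET_DISK=${TARGET_DISK:-/dev/sda}

# sha256_of <file|-> : hex digest only (reads stdin when given "-")
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_image <image> <expected_sha256> : succeed only if the digest
# matches, so a tampered image on the PXE server is refused before
# anything touches the disk
verify_image() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# reimage_disk <image> <target> <expected_sha256> : write the image to the
# target block device (or a plain file, when testing), flush, then re-read
# exactly the image's length from the target and compare hashes. The
# read-back is what catches a write that silently failed on old hardware.
# conv=notrunc keeps the behaviour identical for a file and a device.
reimage_disk() {
    image=$1; target=$2; expected=$3
    size=$(wc -c < "$image" | tr -d ' ')
    dd if="$image" of="$target" bs=1048576 conv=notrunc 2>/dev/null || return 1
    sync
    [ "$(head -c "$size" "$target" | sha256_of -)" = "$expected" ]
}

# restore_honeypot : the full run. The rescue OS lives in RAM, so nothing on
# the possibly infected disk executes during the restore.
restore_honeypot() {
    tmp=${TMPDIR:-/tmp}/golden.img
    curl -fsS -o "$tmp" "$IMAGE_URL" || return 1
    verify_image "$tmp" "$IMAGE_SHA256" || {
        echo "image hash mismatch, refusing to write" >&2; return 1; }
    reimage_disk "$tmp" "$TARGET_DISK" "$IMAGE_SHA256" || {
        echo "write verification failed" >&2; return 1; }
    echo "disk restored, rebooting into clean image"
    reboot
}

# Only perform the destructive restore when invoked as: ./reimage.sh restore
if [ "${1:-}" = "restore" ]; then
    restore_honeypot
fi
```

The same script can be served by the PXE server as the rescue environment's init hook, so a reboot (triggered by a watchdog, a cron job on the management box, or IPMI power cycling) is all it takes to get back to a clean disk; a machine too old to PXE-boot can boot the rescue image from a floppy or CD and still run the same script.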
Name:
Anonymous 2009-10-17 16:13
I can't understand your post. Could you elaborate?
I'm not sure what you're asking, friend; you should go to /g/ or /comp/. If you're asking how to get rid of viruses, I recommend reformatting and reinstalling a better operating system.
>>1 has no idea what he is talking about. Anyone who knows a little about computers knows his whole post has little coherency, and it is likely he just strung together a bunch of words he found on Reddit or a similar shit site, the way he thinks they work.
Name:
Anonymous 2009-10-17 17:10
>>6
Well, it has coherency.
I, for example, understood it all.
If you insist on using VMware, then you'd probably have to change a lot of those strings and also would need to patch some drivers to not provide some services. There are a couple of papers out there which describe these tricks. Other solutions involve full emulation via Bochs (slow as hell, reliable) or using an open-source emulation solution which you can just alter and recompile (VirtualBox).
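To make concrete what the string-patching approach does and does not cover, here is an added example, not code from anyone in this thread: the checks VM-aware malware commonly runs, written as a small Linux/x86 C program you can run on a candidate honeypot host. The DMI/SMBIOS vendor strings are the layer "changing the device strings" targets; the CPUID hypervisor bit (leaf 1, ECX bit 31) and the vendor signature in leaf 0x40000000 are answered by the hypervisor itself, which is why only an emulator you can modify and rebuild (Bochs, VirtualBox) can change them. The signature and substring tables are our own assumptions of common values, and the sysfs paths are the standard Linux ones.

```c
/* vmcheck.c -- added example, not from the thread. Shows which VM
 * fingerprints device-string edits can hide (DMI strings) and which they
 * cannot (CPUID responses, which come from the hypervisor). Linux, x86. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* Vendor signatures hypervisors return in EBX,ECX,EDX of CPUID leaf
 * 0x40000000. Assumed table of common values; `len` is the compared
 * prefix, since some (KVM) pad the 12 bytes with NULs. */
static const struct { const char *sig; size_t len; const char *name; } hv_sigs[] = {
    { "VMwareVMware", 12, "VMware" },
    { "KVMKVMKVM",     9, "KVM" },
    { "Microsoft Hv", 12, "Hyper-V" },
    { "XenVMMXenVMM", 12, "Xen" },
    { "VBoxVBoxVBox", 12, "VirtualBox" },
    { "TCGTCGTCGTCG", 12, "QEMU (TCG)" },
    { NULL, 0, NULL }
};

/* Substrings in DMI vendor/product strings that give a VM away. This is
 * the layer that editing the guest's device strings can actually change. */
static const struct { const char *needle; const char *name; } dmi_marks[] = {
    { "VMware",     "VMware" },
    { "VirtualBox", "VirtualBox" },
    { "innotek",    "VirtualBox" },   /* VirtualBox's original vendor name */
    { "QEMU",       "QEMU" },
    { "Bochs",      "Bochs" },
    { "Xen",        "Xen" },
    { "Parallels",  "Parallels" },
    { NULL, NULL }
};

/* Classify a NUL-terminated 12-char CPUID vendor signature; NULL if unknown. */
const char *classify_hv_signature(const char *sig)
{
    for (size_t i = 0; hv_sigs[i].sig; i++)
        if (strncmp(sig, hv_sigs[i].sig, hv_sigs[i].len) == 0)
            return hv_sigs[i].name;
    return NULL;
}

/* Classify a DMI string by substring; NULL if no VM marker is present. */
const char *classify_dmi_string(const char *s)
{
    for (size_t i = 0; dmi_marks[i].needle; i++)
        if (strstr(s, dmi_marks[i].needle))
            return dmi_marks[i].name;
    return NULL;
}

/* 1 if CPUID.1:ECX[31] (hypervisor present) is set, 0 if clear, -1 when
 * this build has no CPUID. A string-patched VMware guest still reports 1. */
int cpuid_hypervisor_bit(void)
{
#if HAVE_CPUID
    unsigned a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d))
        return -1;
    return (int)((c >> 31) & 1);
#else
    return -1;
#endif
}

/* Fill out[13] with the leaf 0x40000000 vendor signature. Returns 1 on
 * success, 0 without CPUID. Only meaningful when the hypervisor bit is set;
 * on bare metal this leaf returns unrelated data. */
int cpuid_hv_signature(char out[13])
{
#if HAVE_CPUID
    unsigned a, b, c, d;
    __cpuid(0x40000000, a, b, c, d);
    (void)a;
    memcpy(out, &b, 4); memcpy(out + 4, &c, 4); memcpy(out + 8, &d, 4);
    out[12] = '\0';
    return 1;
#else
    (void)out;
    return 0;
#endif
}

/* Read one /sys/class/dmi/id/<field> entry; 1 on success, 0 if absent. */
int read_dmi_field(const char *field, char *buf, size_t n)
{
    char path[128];
    snprintf(path, sizeof path, "/sys/class/dmi/id/%s", field);
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    if (!fgets(buf, (int)n, f)) { fclose(f); return 0; }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 1;
}

int main(void)
{
    char buf[256];
    int bit = cpuid_hypervisor_bit();
    printf("CPUID hypervisor bit: %d\n", bit);
    if (bit == 1 && cpuid_hv_signature(buf)) {
        const char *hv = classify_hv_signature(buf);
        printf("CPUID vendor leaf:    \"%s\" -> %s\n", buf, hv ? hv : "unknown hypervisor");
    }
    const char *fields[] = { "sys_vendor", "product_name", "board_vendor", NULL };
    for (int i = 0; fields[i]; i++)
        if (read_dmi_field(fields[i], buf, sizeof buf)) {
            const char *m = classify_dmi_string(buf);
            printf("DMI %-13s \"%s\" -> %s\n", fields[i], buf, m ? m : "no VM marker");
        }
    return 0;
}
```

Build with `cc -O2 -o vmcheck vmcheck.c` and run it first on the physical box (expect bit 0 and vendor strings with no marker) and then inside a VMware guest whose strings you have patched: the DMI lines will come back clean while the CPUID lines still say VMware, which is exactly the gap the Bochs/rebuilt-VirtualBox route closes and a physical box avoids entirely.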