Malware is constantly changing, just like human beings.
Researchers have found a new type of macro malware that avoids detection by going dormant when it detects that it’s in a security researcher’s test environment.
The malware uses a few techniques to figure out whether the host is a legitimate target. One relies on a Windows feature, Recent Files: the malware checks how many Word documents the user has, and if they don’t have a certain number of documents, it will not execute. In another method, the malware takes the IP of the computer network it’s on and sees if it matches a blacklist; if it does, the malware doesn’t execute.
The reason the maker of the malware wouldn’t want it to execute while it’s in a VM (virtual machine) environment is to prolong the life span of the malware.
The malware is distributed through spam and phishing. The researchers expect more malware to have this ability in the future.
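A static triage pass a defender could run over macro source already extracted from a document, flagging the two environment checks described above. This is an added example, not code from the researchers or this post; the rule names, `triage_macro`, the network-object patterns and the sample macro are assumptions made for illustration.

```python
import re

# VBA is case-insensitive. network_lookup is an assumption: the post does not say how the IP is obtained.
RULES = {
    "auto_exec": re.compile(r"\b(AutoOpen|Document_Open|AutoExec)\b", re.I),
    "recent_files_count": re.compile(r"\bRecentFiles\s*\.\s*Count\b", re.I),
    "network_lookup": re.compile(r"MSXML2\.(Server)?XMLHTTP|WinHttp\.WinHttpRequest", re.I),
}

def strip_comment(line):
    """Drop a trailing VBA comment, ignoring apostrophes inside strings."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def logical_lines(source):
    """Yield (first line number, text) with ' _' continuation lines joined."""
    buf, start = "", None
    for num, raw in enumerate(source.splitlines(), 1):
        line = strip_comment(raw).rstrip()
        start = start or num
        if line.endswith(" _"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf, start = "", None

def triage_macro(source):
    """Map each rule to the lines it hit and add an overall verdict."""
    hits = {name: [] for name in RULES}
    for num, text in logical_lines(source):
        for name, pattern in RULES.items():
            if pattern.search(text):
                hits[name].append(num)
    env_check = hits["recent_files_count"] or hits["network_lookup"]
    hits["environment_aware"] = bool(hits["auto_exec"] and env_check)
    return hits

# Constructed sample macro text (inert: it only reads a value and creates an object).
SAMPLE_MACRO = '''Sub AutoOpen()
    n = Application.RecentFiles _
        .Count
    Set req = CreateObject("MSXML2.XMLHTTP")
End Sub
'''
```

A hit is a reason to send the document for manual review or for detonation in an analysis environment that looks like a used workstation, not a verdict on its own.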
-Brett Patterson brp5088
in dedication to Jar311