But that isn't the case anymore, according Symantec research. As companies increasingly use VMs in operational environments, malware writers are largely trying other methods to avoid detection. It means that simply running VMs won't be enough to scare away malware. [ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in InfoWorld's Malware Deep Dive Report . | Learn how to secure your systems with InfoWorld's Security Central newsletter . ] Symantec studied 200,000 malware samples submitted by its customers since 2012. It ran the samples on a VM and a non-VM machine to see which ones would stop working when a VM was detected. Just 18 percent of malware programs studied stop executing when a VM is detected, wrote Candid Wueest, a threat researcher, in a blog post Tuesday. "Malware authors want to compromise as many systems as possible, so if malware does not run on a VM, it limits the number of computers it could compromise," Wueest wrote. "So, it should not come as a surprise that most samples today will run normally on a virtual machine." One trick employed by malware to avoid being booted from a VM by security software is to simply wait, Symantec's report said. If a new file doesn't act suspicious in the first five or ten minutes, systems will likely decided it is harmless. Other types of malware will wait for a certain number of left mouse clicks before decrypting themselves and launching their payload, Wueest wrote. "This can make it difficult or impossible for an automated system to come to an accurate conclusion about the malware in a short time frame," according to the report. The fear is that malware will make its way back to the virtual machines' hosting server. That was the mission of the "Crisis" malware, a Java file distributed through social engineering which ran on Windows and Apple's OS X. Crisis tried to spread to virtual machines that were stored on a local server, Symantec wrote. It didn't exploit a vulnerability but capitalized on virtual systems simply being a series of files on a host server. A similar style of attack called "Cloudburst" was found in 2009. Overall, the change in tactics is better for security researchers, since most malware will continue to run and might be detected on a VM. But Symantec advised that to not miss the 18 percent of malware that will quit, real physical hardware should be used in analyses. For those concerned about VMs, Symantec recommended hardening host servers, vigilant patching of VMs and using antimalware defenses. Send news tips and comments to email@example.com . Follow me on Twitter: @jeremy_kirk
For the original version including any supplementary images or video, visit http://www.infoworld.com/d/security/malware-no-longer-avoiding-virtual-machines-248241
Founder of Potato Salad Kickstarter Plans Benefit for Homeless
The fully-funded potato salad Kickstarter campaign will host a benefit concert to help relieve hunger and homelessness in central Ohio. And yes, there will be potato salad. Zack Danger Brown (@ztbrown) August 13, 2014 Dubbed PotatoStock 2014, the free concert will take place on September 27 in Columbus Ohio and will feature a lineup of local artists and an a yet-to-be-determined national touring act. Brown told Mashable that all concession proceeds will go to a permanent, donor-advised fund at the Columbus Foundation. "That fund will make annual grants to existing nonprofits working to address hunger and homelessness in central Ohio," he added via email. According to Brown, PotatoStock has a host of committed sponsors including Hellmann's, Hampton Creek, Whence and the Idaho Potato Commission, as well as a few others the organizers are still working to to sign on. While he said that attendance will depend on whether or not the concert gets a headlining act, he expects the event will make money for its fund at the Columbus Foundation. One group he expects to turn up, however, is the Kickstarter's original backing donors, who'll no doubt expect to try a bit of Brown's estimated 200 to 300 pounds of potato salad. "I keep hearing people saying that they plan to road trip to PotatoStock from [out] of town," he said. "I'd love to see a huge pilgrimage to Columbus." According to an update on the campaign's Kickstarter page, money left over after the concert will benefit the Columbus Foundation fund. "These types of funds gain interest every year and grow over time, so, while our little internet joke will one day be forgotten, the impact will be felt forever," Brown writes. The rest of the profits will go toward launching a website where the organizers will post Potato Salad updates and videos. After Sept. 27, the website will continue on as a humor website where the organizers will post original content. Money will go toward purchasing a for-profit LLC, funding web hosting and renting equipment to make new video content. More updates on how Brown will fulfill his Kickstarter promises can be found on the campaign's page . Have something to add to this story?
For the original version including any supplementary images or video, visit http://mashable.com/2014/08/13/potato-salad-kickstarter-concert/?utm_campaign=Mash-Prod-RSS-Feedburner-All-Partial&utm_cid=Mash-Prod-RSS-Feedburner-All-Partial&utm_medium=feed&utm_source=rss