Today, I published the following diary on isc.sans.edu: “Suspicious IP Addresses Avoided by Malware Samples“:
Modern malware samples implement a lot of anti-debugging and anti-analysis techniques. The idea is to slow down the malware analyst’s job or, more simply, to bypass security solutions like sandboxes. These days, I see more and more malware samples written in Python that have these built-in capabilities. One of them is the detection of “suspicious” IP addresses… [Read more]