The iPhone’s applications for surfing the web and checking emails are potentially at risk to remote attacks. We wanted to determine exactly how well the software on the iPhone was designed to resist such attacks.
By detecting virtual machines and changing the behavior, malware authors make analysis more difficult – an AV researcher either has to run the malware on physical machines, modify the virtual environment he’s using to prevent detection or manually analyze the malware.
The paper shows that BIND 9 DNS queries are predictable i.e. that the source UDP port and DNS transaction ID can be effectively predicted.