> It's worth considering that viruses nowadays will check and see if programs like this are running and then delete themselves rather than execute the payload.
Wait, is this true? Do you have any resources backing this up? This would be a good protection mechanism if you can distill it to the minimum footprint to trigger this self-destruct on viruses.
For Windows it is true. I don't know if there are mainstream OS X trojans, but I don't see why they wouldn't have the same behavior.
There are services like CrowdStrike where you can upload a trojan; it will then run the trojan in a VM to try to see what it does. In response, trojans try to detect if the system they are on is a VM and if it has sufficient power (lots of RAM, lots of CPU, age of installation/uptime) rather than minimal power, as well as try to detect if the machine is capable of malware analysis or detecting it through installed tools (is Python installed, etc.).
From first-hand experience manually reverse engineering some e-mail trojans for fun, I can tell you it is true that at least some e-mail trojans will:
1. Check the resources of a machine to be reasonably confident it is not a honeypot/profiler
2. Check what is installed to be reasonably sure the owner is not technical
If you want to do the same, go to your spam folder and find a VBS trojan and start reverse engineering it. It's surprisingly easy and kind of fun; I estimate that an engineer with 1 year of experience and a solid handle of the command line could probably take apart a simple trojan in 1-8 hours.
I tried to use Google to find a nice article to read of a breakdown of a trojan, but Google seemed determined to return general population level results rather than technical/professional ones.