Microsoft has introduced a cloud service that checks Linux VMs for malware. The special feature of Project Freta: the examination works without installing a malware monitor or other instrumentation in the VM, and without the hypervisor actively monitoring the guest.
As Microsoft explains in a blog post about Project Freta, more and more malware first checks target systems for the presence of well-known monitoring mechanisms and then tries to evade them. The Freta service therefore examines memory dumps of the Linux VMs. Admins can create the dumps in different ways: from outside with the snapshot tools of Hyper-V and VMware, or from inside the VM with the Linux tool AVML (also developed by Microsoft) or via the kernel module LiME. The memory image of the VM can then be uploaded to the Freta portal and analyzed. This requires a Microsoft or AAD (Azure Active Directory) account.
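A memory image taken from inside the VM is only useful if it is complete, so it is worth checking the file before uploading it for analysis. The following is an added example, not code from Microsoft or from the article: it walks the range headers of an uncompressed image in the LiME format and rejects damaged or truncated files. It assumes the image uses that format (an assumption about the acquisition settings); the function name `walk_lime` and the sample data are constructed for illustration.

```python
import io
import struct

LIME_MAGIC = 0x4C694D45                 # stored little-endian, reads "EMiL" on disk
# Range header: magic, version, start address, end address, 8 reserved bytes
LIME_HEADER = struct.Struct("<IIQQ8s")

def walk_lime(stream):
    """Return [(start, end, size), ...] for every memory range in the image.

    Raises ValueError on a bad magic, unknown version, inverted range or
    truncated data, so a damaged dump is caught before it is uploaded.
    """
    total = stream.seek(0, io.SEEK_END)
    pos = stream.seek(0)
    ranges = []
    while pos < total:
        raw = stream.read(LIME_HEADER.size)
        if len(raw) < LIME_HEADER.size:
            raise ValueError(f"truncated range header at offset {pos}")
        magic, version, start, end, _reserved = LIME_HEADER.unpack(raw)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic 0x{magic:08x} at offset {pos}")
        if version != 1:
            raise ValueError(f"unsupported header version {version}")
        if end < start:
            raise ValueError(f"inverted range at offset {pos}")
        size = end - start + 1          # the end address is inclusive
        pos += LIME_HEADER.size + size
        if pos > total:
            raise ValueError(f"payload for range 0x{start:x} is truncated")
        stream.seek(pos)                # skip the payload, go to the next header
        ranges.append((start, end, size))
    return ranges

def make_range(start, payload):
    """Build one header plus payload (used only for the constructed sample)."""
    end = start + len(payload) - 1
    return LIME_HEADER.pack(LIME_MAGIC, 1, start, end, bytes(8)) + payload

# Constructed sample: two zero-filled ranges, not a real memory dump
SAMPLE = make_range(0x1000, bytes(4096)) + make_range(0x100000, bytes(8192))

if __name__ == "__main__":
    for start, end, size in walk_lime(io.BytesIO(SAMPLE)):
        print(f"0x{start:012x}-0x{end:012x}  {size} bytes")
```

For a real image, pass a file opened in binary mode (`open(path, "rb")`) instead of the in-memory sample.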
Project Freta aims to find rootkits in Linux VMs.
The result of the analysis is a detailed report. For this, Project Freta looks for indications of typical rootkit actions. Of course, these potential rootkit actions then have to be examined. Microsoft wants to deliver support for Windows VMs later.