Malware Immunization via Infection Markersby Lenny Zeltser

Lenny Zeltser just posted an interesting article about protecting production systems by implanting markers that malware mistakes for either being a malware analysis environment or that the malware is already infected with the malware so the malware doesn’t infect it again.

The article is using rapid_env, a tool written in C++ that creates registry entries, files and mutexes by using a configuration file - meaning that your IOC can be used to fake an infection (do remember to take note that the system has been “immunized” so you won’t go on a wild goose chase looking for infected machines).

Read the full article over at

Published 11 March 2015