I think that it it not practically possible to detect reliably, using a piece of code, that the code is running inside a virtual machine.
But apparently there are ways to make a good guess – for example, by looking at the devices that are typical for certain VM environment (like S3 Trio64 video card in MS VPC), or virtual machine extensions installed in the guest OS.
This time I have two questions:
- Any other ways to detect that the code is running in a VM?
- Why malware tries to do that? It does, according to Sandi Hardmeier, a great spyware fighter and a MVP.