Comment Re:Test the Attachments (Score 1) 238
This is already reality. So called "red pills" allow malware to find out if its are running in an emulator or virtual machine.
Here's a paper that describes automatically generating such red pills:
"A fistful of red-pills: how to automatically generate procedures to detect cpu emulators" by R. Paleari, L. Martignoni, G. F. Roglia, and D. Bruschi
https://www.usenix.org/legacy/event/woot09/tech/full_papers/paleari.pdf
The authors found more than 23k red-pills to detect QEMU and/or BOCHS.