Malicious execution stopped when virtual environment is detected.
Researchers at F-Secure have found a variant of the 'Flashback' trojan for Mac (a fake Adobe Flash Player update) that is capable of detecting whether it is run in a virtual environment.