Although, it’s a recommended best practice to test and debug malware in an isolated and contained environment, this post by Marco Ramilli explains how crafty malware can eventually detect this environment and behave in a different way. Malware can detect virtualized environments, active debuggers and sandbox environments. Briefly, malware authors can easily insert code into their software that detects such environments and defeats the planned analysis!
Read more here – http://marcoramilli.blogspot.nl/2012/11/how-malware-survives-to-malware.html