[TippeX]

this simply leads to another question - why the interest?
in my experience some groups worked together, some didn't, difficult steps in reversing a vm are figuring out exactly what is going on (some teams are better at this than others) and then reversing it back to x86 code (for a clean crack), or abusing the vm so it does the work for the cracked version (which some teams do)..
securom is not the same as starforce, starforce uses drivers to do some things, which made it a bit trickier to crack (due to the ring 0 stuff)

as for dealing with a virtual machine since the beginning, to anyone who is skilled enough to crack the protections, it is pretty easy to determine what is x86 code and what isn't so yes, spotting vmusage to a trained eye is not hard.