
Can any of the viruses spread via NAT network in VMWare?


38 replies to this topic

#1 CryptoHAX0R

CryptoHAX0R

    Neowinian

  • Joined: 29-December 13
  • Location: USA
  • OS: Windows 8

Posted 29 December 2013 - 23:46

I am planning on making videos on these 3 viruses on 3 different VMs. The VMs will be set to NAT, is that safe?

 

 

These are the viruses:

 - Cryptolocker

 - Stuxnet

 - Flame

 

So will these viruses spread to my main computer via NAT (I have Norton Internet Security installed), or will they stay in the VM?

 




#2 Dot Matrix

Dot Matrix

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 29 December 2013 - 23:55

Well, to answer your question, no. But if you had to ask, should you be doing this in the first place?



#3 xendrome

xendrome

    In God We Trust; All Others We Monitor

  • Tech Issues Solved: 9
  • Joined: 05-December 01
  • OS: Windows 8.1 Pro x64

Posted 29 December 2013 - 23:55

I am planning on making videos on these 3 viruses on 3 different VMs. The VMs will be set to NAT, is that safe?

 

 

These are the viruses:

 - Cryptolocker

 - Stuxnet

 - Flame

 

So will these viruses spread to my main computer via NAT (I have Norton Internet Security installed), or will they stay in the VM?

 

 

Yes, I wouldn't chance it. Personally, I would isolate them totally and not install a virtual NIC.



#4 OP CryptoHAX0R

CryptoHAX0R

    Neowinian

  • Joined: 29-December 13
  • Location: USA
  • OS: Windows 8

Posted 30 December 2013 - 00:00

Well, to answer your question, no. But if you had to ask, should you be doing this in the first place?

 

There are some reasons I'm doing this:

 

1 - Fun.

2 - To teach people how to avoid them



#5 +snaphat (Myles Landwehr)

snaphat (Myles Landwehr)

    Electrical & Computer Engineer

  • Tech Issues Solved: 29
  • Joined: 23-August 05
  • OS: Win/Lin/Bsd/Osx
  • Phone: dumb phone

Posted 30 December 2013 - 00:08

There are some reasons I'm doing this:

 

1 - Fun.

2 - To teach people how to avoid them

 

If you are unsure of their attack vectors, how are you teaching people to avoid them? :laugh:



#6 OP CryptoHAX0R

CryptoHAX0R

    Neowinian

  • Joined: 29-December 13
  • Location: USA
  • OS: Windows 8

Posted 30 December 2013 - 00:14

If you are unsure of their attack vectors, how are you teaching people to avoid them? :laugh:

 

I know their attacks



#7 +snaphat (Myles Landwehr)

snaphat (Myles Landwehr)

    Electrical & Computer Engineer

  • Tech Issues Solved: 29
  • Joined: 23-August 05
  • OS: Win/Lin/Bsd/Osx
  • Phone: dumb phone

Posted 30 December 2013 - 00:29

I know their attacks

 

You just asked if the malware can spread to computers within the same network, so if you were familiar with the attack vectors of each of those pieces of malware, then why would you be asking about this?

 

The point is, if you aren't familiar with how the malware spreads then it is going to be difficult to teach people to avoid the malware or avoid spreading it yourself --> read as: you probably shouldn't be installing the malware.



#8 Dot Matrix

Dot Matrix

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 30 December 2013 - 00:33

Well, just put it this way, a strict NAT connection isn't going to give the client access to the host, however you need to make sure there is no connection from the client to the host (shared folders, drives, etc). If you network both client and host, then all bets are off. 

 

But I agree with what others are saying. If you're not sure as to what will happen, then you might want to reconsider. You can't really teach people about this stuff if you're not even sure. 



#9 OP CryptoHAX0R

CryptoHAX0R

    Neowinian

  • Joined: 29-December 13
  • Location: USA
  • OS: Windows 8

Posted 30 December 2013 - 00:49

Is Cryptolocker safe to test without shared folders, with NAT, etc.? I just haven't heard about Flame or S.net spreading via networks.



#10 +snaphat (Myles Landwehr)

snaphat (Myles Landwehr)

    Electrical & Computer Engineer

  • Tech Issues Solved: 29
  • Joined: 23-August 05
  • OS: Win/Lin/Bsd/Osx
  • Phone: dumb phone

Posted 30 December 2013 - 01:24

Is Cryptolocker safe to test without shared folders, with NAT, etc.? I just haven't heard about Flame or S.net spreading via networks.

 

Information stating that Flame or Stuxnet can spread over a network is readily available via a cursory search of the Internet/Wikipedia. No one here is a malware expert (except maybe the guy who works for ESET), we all just Googled and looked before posting. You'd be able to find the same information yourself if you searched before asking. For example, that Cryptolocker isn't a virus, but that you shouldn't be using NAT, sharing folders, or having it on your network because it can and will encrypt anything it has access to...

 

See: http://nakedsecurity...p-and-recovery/



#11 OP CryptoHAX0R

CryptoHAX0R

    Neowinian

  • Joined: 29-December 13
  • Location: USA
  • OS: Windows 8

Posted 30 December 2013 - 01:31

Information stating that Flame or Stuxnet can spread over a network is readily available via a cursory search of the Internet/Wikipedia. No one here is a malware expert (except maybe the guy who works for ESET), we all just Googled and looked before posting. You'd be able to find the same information yourself if you searched before asking. For example, that Cryptolocker isn't a virus, but that you shouldn't be using NAT, sharing folders, or having it on your network because it can and will encrypt anything it has access to...

 

See: http://nakedsecurity...p-and-recovery/

What are the safest options for VMware/VirtualBox for Cryptolocker testing?



#12 +Nik L

Nik L

    Where's my pants?

  • Tech Issues Solved: 2
  • Joined: 14-January 03

Posted 30 December 2013 - 01:32

I would just say to be careful.  You have shown that you aren't fully informed, and so I worry that any video you made would also be missing some info - and I think sometimes believing you are safe without actually being safe is dangerous!

 

Secondly, just a thought - is anyone going to take security advice from someone with the word "HAXOR" in their name?



#13 +snaphat (Myles Landwehr)

snaphat (Myles Landwehr)

    Electrical & Computer Engineer

  • Tech Issues Solved: 29
  • Joined: 23-August 05
  • OS: Win/Lin/Bsd/Osx
  • Phone: dumb phone

Posted 30 December 2013 - 01:35

What are the safest options for VMware/VirtualBox for Cryptolocker testing?

 

As with any malware: having networking completely disabled and not having any shared folders between the systems.



#14 +theblazingangel

theblazingangel

    Software Engineer

  • Tech Issues Solved: 3
  • Joined: 25-March 04
  • Location: England, UK

Posted 30 December 2013 - 01:40

This post I recently wrote gives a thorough overview of the different network configuration options for VMs, specifically VMware, and discusses potential threats from a point of view of whether or not it is a good idea to install software patches in them (original question in thread).

With NAT mode, malware (or an actual attacker who's gained access) will absolutely be able to reach out and communicate with other computers and thus spread if it has the capability to do so. The list of targets that it could potentially communicate with and attack includes all other VMs up and running in NAT mode (NAT offers no protection for the VMs within the virtual LAN), all VMs running in bridged mode, your host OS, anything accessible on your physical LAN, and any publicly accessible host out on the internet. Whether or not those hosts will get infected depends on the malware having the capability to distribute itself, whether the architecture is compatible for exploitation by that malware, configuration, whether particular patches are installed or missing and what security products may get in the way.

Your NIS package I would expect should hopefully be guarding your system from attacks incoming via not just the physical adapter, but the virtual adapters also, so your host OS should be relatively safe in some respects. Other systems listed above might be vulnerable though. It would be wise to isolate the VM from all networks when playing with malware.


Well, just put it this way, a strict NAT connection isn't going to give the client access to the host, however you need to make sure there is no connection from the client to the host (shared folders, drives, etc). If you network both client and host, then all bets are off.

But I agree with what others are saying. If you're not sure as to what will happen, then you might want to reconsider. You can't really teach people about this stuff if you're not even sure.

What? The NAT option for the VM isn't going to do anything at all to stop the guest OS reaching out and communicating with other systems / the host OS.

Also, note that as I explained in the post I linked to, with a VM in NAT mode there are multiple paths between the guest OS and another host. There's a direct connection with all other NAT based guest OSs via the virtual LAN; there's a direct connection to the host OS via the virtual LAN (VMnet8 virtual adapter in host OS), and there's the virtual NAT service through which anything out on the physical LAN (including the host OS) or the internet can be reached. All of this is covered in the post I linked to above.
 

What are the safest options for VMware/VirtualBox for Cryptolocker testing?


To completely isolate the VM of course. Either remove any network adapters from the VM or at least tick the option to have it disabled on start, and make sure that there are no shares or anything set up to the host OS. Understand that if there is a vulnerability in the VM software itself, this could potentially result in your host OS getting compromised by a piece of malware that exploits such a vulnerability regardless of this.
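
The isolation rule from the post above (no network adapter, or at least one disabled on start, and no shares to the host) can be checked against a VMware `.vmx` file before the VM is powered on. This is an added example, not part of the original thread or any poster's code; the sample configuration is constructed, the function names are hypothetical, and the defaults used for missing keys are assumptions.

```python
import re

# Constructed sample .vmx fragment (not from the thread): a NAT adapter connected
# at power-on plus an enabled shared folder, the setup the posts warn about.
SAMPLE_VMX = '''\
displayName = "malware-lab"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet0.startConnected = "TRUE"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet1.startConnected = "FALSE"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "C:\\Users\\me\\Documents"
'''

LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    matches = (LINE.match(raw) for raw in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def audit_isolation(text):
    """List findings that break the 'no network, no shares' isolation rule."""
    cfg, findings = parse_vmx(text), []
    is_true = lambda key, default: cfg.get(key, default).upper() == "TRUE"
    devices = sorted({k.split(".")[0] for k in cfg
                      if re.match(r"(ethernet|sharedfolder)\d+\.", k)})
    for dev in devices:
        if not is_true(dev + ".present", "FALSE"):
            continue  # device removed or never defined
        if dev.startswith("ethernet"):
            # Assumed defaults when a key is missing: bridged, connected at power-on
            mode = cfg.get(dev + ".connectiontype", "bridged")
            if is_true(dev + ".startconnected", "TRUE"):
                findings.append(f"FAIL {dev}: {mode} adapter connected at power-on")
            else:
                findings.append(f"WARN {dev}: {mode} adapter present, disconnected at power-on")
        elif is_true(dev + ".enabled", "FALSE"):
            path = cfg.get(dev + ".hostpath", "?")
            findings.append(f"FAIL {dev}: shared folder enabled -> {path}")
    return findings

if __name__ == "__main__":
    for finding in audit_isolation(SAMPLE_VMX):
        print(finding)
```

An empty result means the file defines no present adapter and no enabled share; it says nothing about vulnerabilities in the VM software itself, which the post notes are a separate risk.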

#15 OP CryptoHAX0R

CryptoHAX0R

    Neowinian

  • Joined: 29-December 13
  • Location: USA
  • OS: Windows 8

Posted 30 December 2013 - 01:46

I would just say to be careful.  You have shown that you aren't fully informed, and so I worry that any video you made would also be missing some info - and I think sometimes believing you are safe without actually being safe is dangerous!

 

Secondly, just a thought - is anyone going to take security advice from someone with the word "HAXOR" in their name?

It's just a cool username :p




