Can any of the viruses spread via NAT network in VMWare?



I know Flame used to spread via Windows Update...

 

Yeah, that was a method of propagation once installed within a network. The initial/primary infections are done via USB. Remember, these were supposedly state sponsored malware designed to sabotage systems that aren't connected to the Internet.


I do have an extra computer, but its OS is messed up. Not by viruses, but by my mom closing it when it was installing. Anyone know how to fix this with a Win XP ISO and a USB?

 

Start a new thread if you want help with that (and be more detailed in your description) so as not to completely derail the topic here.


The more I read, the more I feel that you shouldn't be offering such information as you are still very much learning yourself. You don't even have a properly set up dedicated testing environment - so what do you feel puts you in the position to be the person to impart advice, when you clearly have areas you don't yet understand?

 

This isn't meant negatively, I genuinely am worried that you will lead someone into a false sense of security with half-tested theories.


I feel he is likely to infect himself because he still doesn't appear to have the foggiest how these actually spread. Tell him over the network and he says he didn't know, tell him USB and he counters with them spreading over the network. It's bizarre to say the least considering this is the most basic and readily available information about these...


Hello,
 
If you are serious about learning how to work with malicious software, let me provide you with three resources to help you on that path:

Look through popular message threads and read some messages before you start asking some questions. While none of the sites are filled with particularly curmudgeonly people, many questions asked by new people have already been answered and archived in stickied posts, FAQs and the like. With a little luck, and a lot of hard work on your part, you may one day be able to work at a computer security company, or even start your own.

 

Regards,

 

Aryeh Goretsky


So do you use dedicated external hardware to record your videos? Because I would highly recommend that to the OP...

The moment you plug in a flash drive to copy off the video, that flash drive is potentially compromised.

 

Well you could always boot into a Bart PE environment or a Linux live environment and grab the video assuming the video itself is not infected.

 

I've heard some cases of malware that can escape a VM via them knowing they are running in a VM and exploiting bugs in the virtual machine software. One time I saw a video on YouTube where a guy double clicked an exe inside a virtual machine and mspaint opened up outside the VM.

 

If you STILL want to release malware inside a VM running on your machine I would first start by making sure you can NOT ping any of the IP addresses on your network. I would also make sure you cannot connect to the network shares.

 

Also make sure your router is not set up with the default password. We don't want the malware logging into your router and configuring stuff. I would also make sure UPnP is disabled in your router. Otherwise malware running in the VM could start opening ports on your router.

 

So to summarize

 

1) Make sure you can't ping the IPs of machines on your local network from inside the VM

2) Make sure you cannot access local shares of machines on your network (which shouldn't be possible if you can't ping them)

3) Make sure your router is not using the default password

4) Make sure UPnP is disabled in your router.

 

If you need help with any of the 4 things listed above, you probably shouldn't be doing this.

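The reachability and UPnP checks from the list above (steps 1, 2 and 4) can be scripted and run inside the guest before any sample is introduced; this is an added example, not part of the original post. It uses TCP connects to the SMB ports rather than ICMP ping (which needs raw-socket privileges), and the LAN addresses in it are constructed placeholders.

```python
import socket

SSDP_ADDR = ("239.255.255.250", 1900)   # standard UPnP discovery multicast group
M_SEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 2\r\n"
    "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"
).encode()

def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connect succeeds, i.e. the guest can reach host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def upnp_gateways(timeout=3.0):
    """Return the addresses of devices that answer a UPnP gateway discovery."""
    found = set()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(M_SEARCH, SSDP_ADDR)
            while True:
                _, (addr, _port) = s.recvfrom(2048)
                found.add(addr)
        except OSError:      # timeout, or no route at all: nothing (more) answered
            pass
    return sorted(found)

def isolation_report(lan_hosts, ports=(139, 445)):
    """List every finding that breaks the checklist; an empty list means isolated."""
    findings = []
    for host in lan_hosts:
        for port in ports:
            if tcp_reachable(host, port):
                findings.append(f"{host}:{port} reachable (file sharing exposed)")
    for gw in upnp_gateways():
        findings.append(f"{gw} answers UPnP discovery (disable UPnP on the router)")
    return findings

if __name__ == "__main__":
    # Constructed sample addresses; replace with the real LAN hosts and router.
    for line in isolation_report(["192.168.1.1", "192.168.1.10"]) or ["no findings"]:
        print(line)
```

Step 3, the router's admin password, has to be checked by hand on the router itself.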


Hey.

I got an extra computer, and a Win XP ISO. Will that make this safer?


Why would having an extra computer on the same network or an ISO make this in any way safer?


Hello,

I see next year's first topic: "Help! I hax myself and my files and they are all encrypted"

Sorry but like someone said: If you truly do not know how the network stacks work with the viruses you are trying to show, I recommend you do not play around with this.


Try it and let us know how you get on. Setting your network card to NAT mode is the least of your worries. You don't know the attack vectors. A lot of these have subroutines to pick up if they are in a VM and will sometimes kill themselves off if they think they are being sandboxed.


I believe Mark Russinovich already made videos about Stuxnet just a few years ago.

The Stuxnet was in a VM.

But I don't remember him opening the NAT connection between the guest and the host.


I know Flame used to spread via Windows Update...

 

Don't believe everything you read. Not all of the problem can always be found, due to the nature of the beast, and 100% of the ways and what-fors behind such devices are never publicly disclosed.

 

I do have an extra computer, but its OS is messed up. Not by viruses, but by my mom closing it when it was installing. Anyone know how to fix this with a Win XP ISO and a USB?

 

 

I'd suggest, given your inexperience, that you stick with the theory of how these devices are constructed and react within a system and network environment. A basic level of programming, network systems and hardware would help you understand how they are constructed and diagnosed. Maybe you should research Ethical Hacker courses at local establishments and learn from others instead of treading the same paths again and again.


If you want to show something useful use the Cuckoo Sandbox to run the malware.

You get a nice report out at the end of what processes were involved, what API functions were called and info on network access.

Anyway it might be worth not playing with a network enabled VM until you know for real what you are doing.

Also running these VMs on a Linux (or other) OS would be a good idea, to prevent accidental infection of your Windows host machine (if it is one).


This topic is now closed to further replies.