Can any of the viruses spread via NAT network in VMWare?



I am planning on making videos on these 3 viruses on 3 different VMs. The VMs will be set to NAT, is that safe?

 

 

These are the viruses:

 - Cryptolocker

 - Stuxnet

 - Flame

 

So will these viruses spread to my main computer via NAT (I have Norton Internet Security installed), or will they stay in the VM?

 

Well, to answer your question, no. But if you had to ask, should you be doing this in the first place?

  • Like 3
  On 29/12/2013 at 23:46, CryptoHAX0R said:

I am planning on making videos on these 3 viruses on 3 different VMs. The VMs will be set to NAT, is that safe?

 

 

These are the viruses:

 - Cryptolocker

 - Stuxnet

 - Flame

 

So will these viruses spread to my main computer via NAT (I have Norton Internet Security installed), or will they stay in the VM?

 

 

Yes, I wouldn't chance it. Personally, I would isolate them totally and not install a virtual NIC.

  On 29/12/2013 at 23:55, Dot Matrix said:

Well, to answer your question, no. But if you had to ask, should you be doing this in the first place?

 

There are some reasons I'm doing this:

 

1 - Fun.

2 - To teach people how to avoid them

  On 30/12/2013 at 00:00, CryptoHAX0R said:

There are some reasons I'm doing this:

 

1 - Fun.

2 - To teach people how to avoid them

 

If you are unsure of their attack vectors, how are you teaching people to avoid them? :laugh:

  On 30/12/2013 at 00:14, CryptoHAX0R said:

I know their attacks

 

You just asked if the malware can spread to computers within the same network, so if you were familiar with the attack vectors of each of those pieces of malware, then why would you be asking about this?

 

The point is, if you aren't familiar with how the malware spreads then it is going to be difficult to teach people to avoid the malware or avoid spreading it yourself --> read as: you probably shouldn't be installing the malware.

  • Like 2

Well, just put it this way, a strict NAT connection isn't going to give the client access to the host, however you need to make sure there is no connection from the client to the host (shared folders, drives, etc). If you network both client and host, then all bets are off. 

 

But I agree with what others are saying. If you're not sure as to what will happen, then you might want to reconsider. You can't really teach people about this stuff if you're not even sure. 

  On 30/12/2013 at 00:49, CryptoHAX0R said:

Is Cryptolocker safe to test without a shared folder, with NAT, etc.? I just haven't heard about Flame or S.net spreading via networks

 

Information stating that Flame or Stuxnet can spread over a network is readily available via a cursory search of the Internet/Wikipedia. No one here is a malware expert (except maybe the guy who works for ESET), we all just googled and looked before posting. You'd be able to find the same information yourself if you searched before asking. For example, that Cryptolocker isn't a virus, but that you shouldn't be using NAT, sharing folders, or having it on your network because it can and will encrypt anything it has access to...

 

See: http://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

  On 30/12/2013 at 01:24, snaphat (Myles Landwehr) said:

Information stating that Flame or Stuxnet can spread over a network is readily available via a cursory search of the Internet/Wikipedia. No one here is a malware expert (except maybe the guy who works for ESET), we all just googled and looked before posting. You'd be able to find the same information yourself if you searched before asking. For example, that Cryptolocker isn't a virus, but that you shouldn't be using NAT, sharing folders, or having it on your network because it can and will encrypt anything it has access to...

 

See: http://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

What are the safest options for VMware/VirtualBox for Cryptolocker testing?

I would just say to be careful.  You have shown that you aren't fully informed, and so I worry that any video you made would also be missing some info - and I think sometimes believing you are safe without actually being safe is dangerous!

 

Secondly, just a thought - is anyone going to take security advice from someone with the word "HAXOR" in their name?

  • Like 2
  On 30/12/2013 at 01:31, CryptoHAX0R said:

What are the safest options for VMware/VirtualBox for Cryptolocker testing?

 

As with any malware: having networking completely disabled and not having any shared folders between the systems.

This post I recently wrote gives a thorough overview of the different network configuration options for VMs, specifically VMware and discusses potential threats from a point of view of whether or not it is a good idea to install software patches in them (original question in thread).

With NAT mode, malware (or an actual attacker who's gained access) will absolutely be able to reach out and communicate with other computers and thus spread if it has the capability to do so. The list of targets that it could potentially communicate with and attack includes all other VMs up and running in NAT mode (NAT offers no protection for the VMs within the virtual LAN), all VMs running in bridged mode, your host OS, anything accessible on your physical LAN, and any publicly accessible host out on the internet. Whether or not those hosts will get infected depends on the malware having the capability to distribute itself, whether the architecture is compatible for exploitation by that malware, configuration, whether particular patches are installed or missing and what security products may get in the way.

Your NIS package I would expect should hopefully be guarding your system from attacks incoming via not just the physical adapter, but the virtual adapters also, so your host OS should be relatively safe in some respects. Other systems listed above might be vulnerable though. It would be wise to isolate the VM from all networks when playing with malware.

  On 30/12/2013 at 00:33, Dot Matrix said:

Well, just put it this way, a strict NAT connection isn't going to give the client access to the host, however you need to make sure there is no connection from the client to the host (shared folders, drives, etc). If you network both client and host, then all bets are off.

But I agree with what others are saying. If you're not sure as to what will happen, then you might want to reconsider. You can't really teach people about this stuff if you're not even sure.

What? The NAT option for the VM isn't going to do anything at all to stop the guest OS reaching out and communicating with other systems / the host OS.

Also, note that as I explained in the post I linked to, with a VM in NAT mode there are multiple paths between the guest OS and another host. There's a direct connection with all other NAT-based guest OSs via the virtual LAN; there's a direct connection to the host OS via the virtual LAN (VMnet8 virtual adapter in host OS), and there's the virtual NAT service through which anything out on the physical LAN (including the host OS) or the internet can be reached. All of this is covered in the post I linked to above.

 

  On 30/12/2013 at 01:31, CryptoHAX0R said:

What are the safest options for VMware/VirtualBox for Cryptolocker testing?

To completely isolate the VM of course. Either remove any network adapters from the VM or at least tick the option to have it disabled on start, and make sure that there are no shares or anything set up to the host OS. Understand that if there is a vulnerability in the VM software itself, this could potentially result in your host OS getting compromised by a piece of malware that exploits such a vulnerability regardless of this.
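
The isolation advice in the post above (no network adapter, or at least one that is disconnected at power-on, and no shares to the host) can be checked against a VM's `.vmx` file. The following is an added example, not part of any post in this thread; the sample configuration is constructed, and treating a missing `startConnected` key as connected is a conservative assumption.

```python
import re

# Constructed sample .vmx contents (not from the thread): one NAT adapter
# connected at power-on, one absent adapter, one enabled shared folder.
SAMPLE_VMX = """
.encoding = "UTF-8"
displayName = "malware-lab"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet0.startConnected = "TRUE"
ethernet1.present = "FALSE"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "/home/user/lab-share"
"""

VMX_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lower-cased key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        match = VMX_LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def flag(cfg, key, default):
    """Read a TRUE/FALSE setting, falling back to `default` when absent."""
    return cfg.get(key, default).strip().upper() == "TRUE"


def audit_isolation(vmx_text):
    """List every adapter or shared folder that links the guest to anything else."""
    cfg = parse_vmx(vmx_text)
    findings = []
    for dev in sorted({key.split(".", 1)[0] for key in cfg}):
        if not flag(cfg, dev + ".present", "FALSE"):
            continue
        if re.fullmatch(r"ethernet\d+", dev):
            mode = cfg.get(dev + ".connectiontype", "unspecified")
            # Assumption: a missing startConnected key is treated as connected.
            if flag(cfg, dev + ".startconnected", "TRUE"):
                findings.append(f"{dev}: {mode} adapter connected at power-on")
            else:
                findings.append(f"{dev}: {mode} adapter present, disconnected at power-on")
        elif re.fullmatch(r"sharedfolder\d+", dev) and flag(cfg, dev + ".enabled", "TRUE"):
            findings.append(f"{dev}: shared folder to host path {cfg.get(dev + '.hostpath', '?')}")
    return findings


if __name__ == "__main__":
    for finding in audit_isolation(SAMPLE_VMX):
        print("NOT ISOLATED:", finding)
```

An empty result means the file declares no adapter and no shared folder; it says nothing about vulnerabilities in the VM software itself, which the post also warns about.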

  On 30/12/2013 at 01:32, Nik L said:

I would just say to be careful.  You have shown that you aren't fully informed, and so I worry that any video you made would also be missing some info - and I think sometimes believing you are safe without actually being safe is dangerous!

 

Secondly, just a thought - is anyone going to take security advice from someone with the word "HAXOR" in their name?

It's just a cool username :P

  On 30/12/2013 at 01:46, CryptoHAX0R said:

It's just a cool username :p

 

Off topic, but I do think everyone here is probably rolling their eyes at it. I automatically assume that anyone using haxxor, haxor, or hacker doesn't know anything about hacking in either the mainstream or subcultural contexts.

 

 
  On 30/12/2013 at 01:48, Nik L said:

If it's tongue-in-cheek referencing movies like "Hackers" with "ZeroCool" then maybe  ;)

 

 

THAT MOVIE. oh my god... that movie...

  Quote
 I automatically assume that anyone using haxxor, haxor, or hacker doesn't know anything about hacking in either the mainstream or subcultural contexts.

 

Exactly where I was coming from.  "Haxor" conjures images of a kid creating a "Are you gay" winform where the "no" button moves on mouseover...

Hello,

 

When I recorded these types of videos I use a dedicated PC and wipe the drive when done. 

 

You certainly should not be running malware inside a virtual machine, since a lot of malware behaves differently under them.  You certainly should not be using a PC you use for other activities.

 

You might want to start working on building out your malware research lab first before you begin recording your videos.  You can use any old PC as your "sacrificial goat" system:  Most malware runs fine on computers that meet the minimum system requirements for the targeted operating system(s).

 

Regards,

 

Aryeh Goretsky

  • Like 2
  On 30/12/2013 at 05:52, goretsky said:

Hello,

 

When I recorded these types of videos I use a dedicated PC and wipe the drive when done. 

 

So do you use dedicated external hardware to record your videos? Because I would highly recommend that to the OP...

The moment you plug in a flash drive to copy off the video, that flash drive is potentially compromised.

  On 30/12/2013 at 06:26, rfirth said:

So do you use dedicated external hardware to record your videos? Because I would highly recommend that to the OP...

The moment you plug in a flash drive to copy off the video, that flash drive is potentially compromised.

 

:laugh: In the case of the viruses he listed, the primary mode of infection was via USB thumb drives...

  On 30/12/2013 at 05:52, goretsky said:

Hello,

 

When I recorded these types of videos I use a dedicated PC and wipe the drive when done. 

 

You certainly should not be running malware inside a virtual machine, since a lot of malware behaves differently under them.  You certainly should not be using a PC you use for other activities.

 

You might want to start working on building out your malware research lab first before you begin recording your videos.  You can use any old PC as your "sacrificial goat" system:  Most malware runs fine on computers that meet the minimum system requirements for the targeted operating system(s).

 

Regards,

 

Aryeh Goretsky

 

I don't have any .doc, .docx, .png, .txt, etc. files on my main PC, which CL targets. But my PC is on a Wi-Fi network...

  On 30/12/2013 at 07:31, snaphat (Myles Landwehr) said:

:laugh: In the case of the viruses he listed, the primary mode of infection was via USB thumb drives...

 

I know Flame used to spread via Windows Update...

  On 30/12/2013 at 06:26, rfirth said:

So do you use dedicated external hardware to record your videos? Because I would highly recommend that to the OP...

The moment you plug in a flash drive to copy off the video, that flash drive is potentially compromised.

I do have an extra computer, but its OS is messed up. Not by viruses, but by my mom closing it when it was installing. Anyone know how to fix this with a Win XP ISO and a USB?

This topic is now closed to further replies.