- Jan 14, 2015
- 1,793
The purpose of this thread is twofold: to share one's experience and to raise user awareness among both members of MT and guests.
A few days ago, after being in contact with WinPatrol, I decided to test out their WinAntiRansom program against some nasties. I followed their guide for configuration, just to ensure I did not miss anything.
So I fired up the VM using VirtualBox and, because I was moving stuff around, I had a partition from my host mapped to the VM. Once I was done moving everything, I unmapped the connection to the D drive in this case and rebooted the VM twice, just to ensure it was fully isolated from the Host.
I then fired up a variant of Tesla. The VM was infected, and I was taking screenshots when I noticed that the folder that was previously mapped and unmapped was still mapped. I immediately disconnected the VM and halted the test. Sadly, nearly 70% of the D drive was infected. Sadly, the Tesla variant I was testing cannot be decrypted.
This would be the first time in over 10 years an infection was present in my Host system, albeit partially.
The damage at first glance wasn't serious since the D drive is actually backed up twice on my eHDDs; however, a further inspection revealed that I did not back up work material (docx/xlsx files). Those files were gone. Other files were just random wallpapers and archive files.
The system itself has been isolated from Internet after the incident for 48 hours, so that I could be sure nothing was present/remaining.
Updated backups have been done, backup setup settings also done and system fully back online.
Moral of the story: due to a possible bug/glitch with VirtualBox + human error on my part, the infection spread out to the Host, due to a drive from the host being mapped on the test VM. So, ensure that the VM is fully isolated from the Host prior to doing any testing and always ensure you have up-to-date backups.
I am not ashamed to tell what happened and I do encourage other users to share their stories on their last infection(s).
Since then I have also retired from doing Malware Testing. I do test security products still but not their prevention/detection features anymore.
On a side note: I have documented the issue to WinPatrol via email accordingly.
Thank you in advance for reading and sharing your stories.
Inkurax
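The lesson in the post above is "make sure the VM is really isolated before detonating anything". One way to turn that into a repeatable pre-flight check is to read the configuration VirtualBox itself reports and refuse to start the test while any host-facing channel is still present. The script below is an added example written for this thread, not code from the original post, WinPatrol or VirtualBox; it parses the key="value" lines that `VBoxManage showvminfo <vm> --machinereadable` prints and flags shared folders (permanent and transient mappings), network adapters that can reach the host, and a shared clipboard or drag-and-drop. The VM name "malware-lab", the shared folder "D_DRIVE" and the embedded sample output are constructed for the example.

```python
"""Pre-flight isolation check for a VirtualBox malware-test VM (example code).

Reads the key="value" lines from `VBoxManage showvminfo <vm> --machinereadable`
and reports anything that gives the guest a path back to the host.
"""
import re
import subprocess
import sys

# Constructed sample of showvminfo --machinereadable output (assumed VM name
# and shared folder); it mirrors the situation in the post: a host drive is
# still mapped into the guest even though the tester believed it was removed.
SAMPLE_VMINFO = '''name="malware-lab"
nic1="nat"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="D_DRIVE"
SharedFolderPathMachineMapping1="D:\\"
'''

# Constructed sample of a VM with no host-facing channels at all.
CLEAN_VMINFO = '''name="malware-lab"
nic1="none"
nic2="none"
clipboard="disabled"
draganddrop="disabled"
'''

# One key="value" pair per line; the closing quote is optional so a value
# ending in a backslash (a Windows drive root) still parses.
KV_RE = re.compile(r'^([A-Za-z0-9_]+)="?(.*?)"?$')

# NIC modes that give the guest no route to the host: disconnected, a null
# backend, or an internal network shared only with other guests.
SAFE_NIC_MODES = {"none", "null", "intnet"}


def parse_vminfo(text):
    """Turn showvminfo --machinereadable output into a dict."""
    info = {}
    for line in text.splitlines():
        m = KV_RE.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info


def isolation_findings(info):
    """Return a list of human-readable reasons the VM is NOT isolated."""
    findings = []
    # Shared folders appear as SharedFolderName<Kind>Mapping<N> with a
    # matching SharedFolderPath<Kind>Mapping<N>; Kind is Machine (persistent)
    # or Transient (added while the VM runs, which is easy to forget about).
    for key, name in sorted(info.items()):
        m = re.match(r"SharedFolderName(Machine|Transient)Mapping(\d+)$", key)
        if m:
            path = info.get(f"SharedFolderPath{m.group(1)}Mapping{m.group(2)}", "?")
            findings.append(f"shared folder {name!r} -> {path} ({m.group(1).lower()} mapping)")
    # Any adapter in nat/bridged/hostonly mode can reach the host or the LAN.
    for key, mode in sorted(info.items()):
        if re.match(r"nic\d+$", key) and mode not in SAFE_NIC_MODES:
            findings.append(f"{key} is {mode!r}; expected one of {sorted(SAFE_NIC_MODES)}")
    # Clipboard and drag-and-drop are host<->guest channels as well.
    for key in ("clipboard", "draganddrop"):
        if info.get(key, "disabled") != "disabled":
            findings.append(f"{key} is {info[key]!r}; expected 'disabled'")
    return findings


def is_isolated(info):
    return not isolation_findings(info)


def check_vm(vm_name):
    """Query a real VM on this host via VBoxManage and return its findings."""
    proc = subprocess.run(
        ["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
        capture_output=True, text=True, check=True,
    )
    return isolation_findings(parse_vminfo(proc.stdout))


if __name__ == "__main__":
    # With a VM name on the command line the real configuration is checked;
    # without one the constructed sample is used so the script runs anywhere.
    if len(sys.argv) > 1:
        findings = check_vm(sys.argv[1])
    else:
        findings = isolation_findings(parse_vminfo(SAMPLE_VMINFO))
    for f in findings:
        print("NOT ISOLATED:", f)
    print("VM is isolated" if not findings else "do not start the test")
    sys.exit(1 if findings else 0)
```

Run as `python vmcheck.py malware-lab` on the host before every detonation and wire the non-zero exit status into whatever launches the VM. The check inspects only the hypervisor-side configuration; a drive that the guest itself mapped over the network (visible with `net use` inside the guest) is a separate host-facing path and needs its own check from inside the VM.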