Malware no longer avoiding virtual machines

Status
Not open for further replies.

LABView707

Level 3
Thread author
Verified
Aug 12, 2014
112
Malware has been escaping VMs for years. Just the Mac users are not fully malware free anymore.
 

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
One of the reasons I run binary instrumentation whenever I test malware under a virtual machine so I can see at a glance whether or not it's decrypted its payload or whether it's simply waiting.

I do get tired of seeing people constantly running malware samples blindly using Process Explorer and looking for new processes spawning instead of actually digging into the code. It's ok for a quick bare bones 'analysis' but you aren't going to learn much unless you look closer.
 

LABView707

Level 3
Thread author
Verified
Aug 12, 2014
112
True dat Cowpipe! Just because you throw 20 pieces of malware at a product does not mean you actually know what you are doing. More than half these videos are made by the younger generation and do not even take the time to learn the product or know its settings. If you wanna really test malware then pick yourself a used machine from a tag sale. Make a system image of it. Infect it all you want. Mount a new image when you are done testing. I picked up a tag sale PC for $50 with no HDD.
 

Aura

Level 20
Verified
Jul 29, 2014
966
Malware escaping VMs? :eek:

This is actually quite uncommon to see, as they are specifically coded pieces of malware used to target specific people, organizations, etc., but yes, it's possible.
Just using the shared clipboard from a host system to a VM can get you infected.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
The fun days of VM testing are over, or soon to be. Video reviewers who malware-test will now be constantly criticized about their methods. I stopped malware-testing in VM over 2 years ago. ;)

The difficulty with testing on a junk PC is trying to record it without spending anything or too much on recording equipment.
 

Malware1

Level 76
Sep 28, 2011
6,545
Aura said:
"This is actually quite uncommon to see, as they are specifically coded pieces of malware used to target specific people, organizations, etc., but yes, it's possible.
Just using the shared clipboard from a host system to a VM can get you infected."

I didn't mean this, I think @LABView707 misunderstood the article, it's about malware with Anti-VM features to prevent running on VMs, not about samples escaping VMs :)
 

Aura

Level 20
Verified
Jul 29, 2014
966
Malware1 said:
"I didn't mean this, I think @LABView707 misunderstood the article, it's about malware with Anti-VM features to prevent running on VMs, not about samples escaping VMs :)"

Ah, alright, my bad. Yeah, it would actually surprise me if you didn't know about malware escaping VMs, haha!
Anti-VM features are easy to spot too and quite common in the samples I encounter.
 

LABView707

Level 3
Thread author
Verified
Aug 12, 2014
112
No, I did not misread it.

"The fear is that malware will make its way back to the virtual machines' hosting server. That was the mission of the "Crisis" malware, a Java file distributed through social engineering which ran on Windows and Apple's OS X."

"As companies increasingly use VMs in operational environments, malware writers are largely trying other methods to avoid detection. It means that simply running VMs won't be enough to scare away malware."
 

LABView707

Level 3
Thread author
Verified
Aug 12, 2014
112
Just because you use a VM does not mean you will stay malware free after testing.
 

LABView707

Level 3
Thread author
Verified
Aug 12, 2014
112
Any of our members had any malware jump from your VM to your host machine?

If you Google it you will find it. If you wanna play with malware then be prepared to pay the price. I bet most of these YouTube malware videos would have some pissed off parents. Heck if I found out my child was using his PC or the family PC for malware testing I would ground him off of it for months. Then password lock it. A power on password like our work PCs.
 