Malware no longer avoiding virtual machines

Status
Not open for further replies.
Malware has been escaping VMs for years. Just the Mac users are not fully malware-free anymore.
 
That's one of the reasons I run binary instrumentation whenever I test malware under a virtual machine: so I can see at a glance whether it has decrypted its payload or is simply waiting.

I do get tired of seeing people constantly running malware samples blindly using Process Explorer and looking for new processes spawning instead of actually digging into the code. It's OK for a quick bare-bones 'analysis', but you aren't going to learn much unless you look closer.
 
True dat, Cowpipe! Just because you throw 20 pieces of malware at a product does not mean you actually know what you are doing. More than half of these videos are made by the younger generation, who do not even take the time to learn the product or know its settings. If you wanna really test malware, then pick yourself up a used machine from a tag sale. Make a system image of it. Infect it all you want. Mount a new image when you are done testing. I picked up a tag sale PC for $50 with no HDD.
 
Malware escaping VMs? :eek:

This is actually quite uncommon to see, as these are specially coded pieces of malware used to target specific people, organizations, etc., but yes, it's possible.
Just using the shared clipboard from the host system to a VM can get you infected.
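The shared-clipboard point above is easy to check for before detonating anything. What follows is an added example, not something posted in the thread: a small POSIX shell audit of a VirtualBox VM's host-to-guest sharing channels, parsed from the key="value" lines that `VBoxManage showvminfo --machinereadable` prints. The function name, the VM name `malware-lab` and the sample output are this example's own; the `--clipboard-mode` and `--draganddrop` switches assume VirtualBox 6.1 or later syntax.

```shell
#!/bin/sh
# Added example (not from the thread). Flags VirtualBox sharing channels that
# give a guest a path to the host: shared clipboard and drag-and-drop.
# Assumes the machinereadable output format of `VBoxManage showvminfo`,
# which contains lines such as clipboard="bidirectional" / draganddrop="disabled".

# check_sharing_channels <machinereadable-output>
# Prints every channel that is not disabled; returns 1 if any is open, 0 otherwise.
check_sharing_channels() {
    _open=0
    for key in clipboard draganddrop; do
        # Pull the quoted value for this key; first match wins.
        val=$(printf '%s\n' "$1" | sed -n "s/^${key}=\"\(.*\)\"$/\1/p" | head -n1)
        if [ -n "$val" ] && [ "$val" != "disabled" ]; then
            echo "$key is $val (disable it before detonating samples)"
            _open=1
        fi
    done
    return $_open
}

# Constructed sample output (not captured from a real VM) so this runs offline.
SAMPLE_OUTPUT='name="malware-lab"
clipboard="bidirectional"
draganddrop="disabled"
'

# Stand-alone run: audit the constructed sample and print the fix.
# Real use: check_sharing_channels "$(VBoxManage showvminfo malware-lab --machinereadable)"
check_sharing_channels "$SAMPLE_OUTPUT" ||
    echo "fix: VBoxManage modifyvm malware-lab --clipboard-mode disabled --draganddrop disabled"
```

Run it against the real VM before each session; a clean lab VM should also have no shared folders and a host-only or internal network, which this check does not cover.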
 
The fun days of VM testing are over, or soon to be. Video reviewers who malware-test will now be constantly criticized about their methods. I stopped malware-testing in VM over 2 years ago. ;)

The difficulty with testing on a junk PC is trying to record it without spending anything or too much on recording equipment.
 
This is actually quite uncommon to see, as these are specially coded pieces of malware used to target specific people, organizations, etc., but yes, it's possible.
Just using the shared clipboard from the host system to a VM can get you infected.
I didn't mean this. I think @LABView707 misunderstood the article: it's about malware with anti-VM features to prevent it running on VMs, not about samples escaping VMs. :)
 
I didn't mean this. I think @LABView707 misunderstood the article: it's about malware with anti-VM features to prevent it running on VMs, not about samples escaping VMs. :)

Ah, alright, my bad. Yeah, it would actually surprise me if you didn't know about malware escaping VMs, haha!
Anti-VM features are easy to spot too, and quite common in the samples I encounter.
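For readers who have not looked at such checks, here is an added example (not code from any poster in this thread) of what "anti-VM features" typically test for and why they are easy to spot. `vm_indicators()` applies the common checks to values you pass in, so it runs offline on constructed data rather than probing the machine it runs on; `scan_for_anti_vm_strings()` flags the same markers inside a sample's bytes. The vendor strings, CPUID hypervisor signatures and MAC OUI prefixes are publicly documented values; the function and constant names, and the sample blob, are this example's own.

```python
"""Anti-VM indicator checks (added example, not from the thread)."""

# SMBIOS/DMI vendor or product substrings that betray a hypervisor.
VM_VENDOR_MARKERS = ("vmware", "virtualbox", "innotek", "qemu", "xen",
                     "parallels", "bochs", "microsoft corporation")

# CPUID leaf 0x40000000 vendor signatures returned by common hypervisors.
HYPERVISOR_CPUID_VENDORS = {"VMwareVMware", "VBoxVBoxVBox", "KVMKVMKVM",
                            "XenVMMXenVMM", "Microsoft Hv"}

# OUI prefixes assigned to hypervisor vendors (lower-case, colon separated).
VM_MAC_OUIS = {"00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware",
               "00:50:56": "VMware", "08:00:27": "VirtualBox",
               "52:54:00": "QEMU/KVM", "00:16:3e": "Xen", "00:1c:42": "Parallels"}

# Strings whose presence in a binary suggests it carries anti-VM logic.
ANTI_VM_STRINGS = (b"VMwareVMware", b"VBoxVBoxVBox", b"KVMKVMKVM", b"XenVMMXenVMM",
                   b"vmtoolsd", b"VBoxService", b"VBoxTray", b"vboxguest",
                   b"VMware Tools")


def vm_indicators(sys_vendor, product_name, macs, hypervisor_bit, hv_vendor_string=""):
    """Return the list of checks that would tell a sample it is inside a VM.

    sys_vendor / product_name: DMI strings (e.g. /sys/class/dmi/id/* on Linux,
        Win32_ComputerSystem on Windows).
    macs: iterable of MAC addresses as strings.
    hypervisor_bit: CPUID leaf 1, ECX bit 31 ("hypervisor present").
    hv_vendor_string: 12-byte vendor string from CPUID leaf 0x40000000, if read.
    """
    hits = []
    for field, value in (("sys_vendor", sys_vendor), ("product_name", product_name)):
        low = value.lower()
        for marker in VM_VENDOR_MARKERS:
            if marker in low:
                hits.append(f"{field} contains {marker!r}")
                break
    for mac in macs:
        oui = mac.lower().replace("-", ":")[:8]
        if oui in VM_MAC_OUIS:
            hits.append(f"mac {mac} has {VM_MAC_OUIS[oui]} OUI")
    if hypervisor_bit:
        hits.append("cpuid hypervisor-present bit set")
    if hv_vendor_string and hv_vendor_string in HYPERVISOR_CPUID_VENDORS:
        hits.append(f"cpuid leaf 0x40000000 vendor {hv_vendor_string!r}")
    return hits


def scan_for_anti_vm_strings(blob):
    """Return the anti-VM marker strings present in a sample's raw bytes."""
    return [m.decode() for m in ANTI_VM_STRINGS if m in blob]


# Constructed sample bytes (not a real binary) carrying three of the markers.
SAMPLE_BLOB = (b"MZ\x90\x00" + b"\x00" * 16 + b"VBoxService.exe\x00"
               + b"vmtoolsd.exe\x00" + b"VMwareVMware\x00" + b"\x00" * 16)

if __name__ == "__main__":
    # A default VirtualBox guest trips every check; a Dell desktop trips none.
    print(vm_indicators("innotek GmbH", "VirtualBox", ["08:00:27:aa:bb:cc"],
                        True, "VBoxVBoxVBox"))
    print(vm_indicators("Dell Inc.", "OptiPlex 7010", ["a4:bb:6d:11:22:33"], False))
    print(scan_for_anti_vm_strings(SAMPLE_BLOB))
```

When the string scan lights up, expect the sample to sleep, exit or behave benignly in the VM; that is the point at which instrumenting the check (or patching its branch) beats watching Process Explorer for new processes. Hiding the indicators on the guest side is possible too, but the hypervisor-present bit and the CPUID vendor leaf are set by the hypervisor, not the guest, so a reasonably thorough sample will still notice.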
 
No, I did not misread it.

"The fear is that malware will make its way back to the virtual machines' hosting server. That was the mission of the "Crisis" malware, a Java file distributed through social engineering which ran on Windows and Apple's OS X."

"As companies increasingly use VMs in operational environments, malware writers are largely trying other methods to avoid detection. It means that simply running VMs won't be enough to scare away malware."
 
Just because you use a VM does not mean you will stay malware free after testing.
 
Any of our members had any malware jump from your VM to your host machine?

If you Google it you will find it. If you wanna play with malware, then be prepared to pay the price. I bet most of these YouTube malware videos would have some pissed-off parents. Heck, if I found out my child was using his PC or the family PC for malware testing, I would ground him off of it for months. Then password-lock it. A power-on password like our work PCs.
 