Online payment

TheMalwareMaster

Level 21
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
Good morning, soon I'm going to do an online payment on Amazon, and I have a question... The PC from which I'm going to do it of course is not infected, but I use the same network to do malware testing in the malware hub (virtual machine in a separate PC). Should I worry about something for the network?
 

Venustus

Level 59
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
> Good morning, soon I'm going to do an online payment on Amazon, and I have a question... The PC from which I'm going to do it of course is not infected, but I use the same network to do malware testing in the malware hub (virtual machine in a separate PC). Should I worry about something for the network?

If the other is VM'd I would not really worry; however, I would be wary about networked PCs, period, especially if you are testing malware on the same "network"!!
Just my personal opinion of course!!
 

LabZero

The main problem is the network clients: PCs connected to the same home local network.
Malware could infect such a client if it spreads via the network.
But in your case, using a well-configured VM without connections to the host, the chances that malware can access the local network are very low.
 

hjlbx

There is such a thing as virtual machine network bypass that could cause infection\data theft.

I believe there were cases where worms bypassed VM and infected networking.

I don't pretend to know anything about VMs since I don't use any - so I know virtually nothing about the specifics of VM networking and its vulnerabilities - but I do know that @Klipsh or @Umbra know much more about it than I.

I do know it is recommended to isolate VM networking and not allow it to have direct access to a physical network adapter: Virtual network security

I am not an expert on this topic; I just read info with interest.
 

TheMalwareMaster

Thank you guys. Is there a way to check if everything is OK in my network? In this period I logged in to different websites and didn't have any problems with credential stealing; I wasn't hacked.
 

LabZero

> Thank you guys. Is there a way to check if everything is OK in my network? In this period I logged in to different websites and didn't have any problems with credential stealing; I wasn't hacked.

What do you mean by network? The internet?
The router may be infected, for example with a DNS changer or other similar malware, but this is not related to tests performed with the VM, for the reasons I gave above.
 

TheMalwareMaster

> What do you mean by network? The internet?
> The router may be infected, for example with a DNS changer or other similar malware, but this is not related to tests performed with the VM, for the reasons I gave above.

I meant the router. I only did tests in a VM (VirtualBox default settings), so I should be safe. Just to be sure, I will reset my router and check the computer again with second-opinion scanners.
Thank you
 

TheMalwareMaster

> The router may be infected, for example with a DNS changer

But if the modem was infected with a DNS changer, I should have noticed that (weird browser redirections). There is no way a keylogger could install into the modem and steal information, right?
 

LabZero

> But if the modem was infected with a DNS changer, I should have noticed that (weird browser redirections). There is no way a keylogger could install into the modem and steal information, right?

When we use a router configured for NAT, the same network connection is shareable and usable simultaneously from multiple systems, and all routers available on the market today allow their configuration through a web interface, accessible by typing 192.168.0.1, and 192.168.1.1 in my case, as the local IP address.

Some interfaces for management of routers, however, have vulnerabilities that expose them to XSS, CSRF, or command injection attacks, or to attacks based on an insecure authentication procedure.
In the case of routers with a vulnerable web administration interface, an attacker may be able to change the DNS server, inserting an arbitrary IP, simply by causing the upload, for example using simple JavaScript code, of a local URL that asks the router to alter the DNS.
So by entering JavaScript code on any website, the attacker might be able to edit the DNS on the router. The attack is effective, of course, only on vulnerable routers, and that's why I absolutely recommend regularly checking for firmware updates, but without being paranoid. ;)

In online transactions it is advisable to have an anti-keylogger that can encrypt your keystrokes; Zemana AntiLogger Free is a good choice.
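
One way to run the check asked about earlier in the thread for the DNS-changer case described above, as an added example that is not part of any post here: the Python below parses `ipconfig /all` output and lists DNS servers that are neither the adapter's default gateway nor on a trusted list. The sample output and its addresses are constructed, English-language Windows labels are assumed, and the function names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /all` output; addresses are made up.
SAMPLE = """\
Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Default Gateway . . . . . . . . . :
"""

# "Label . . . : value"; the colon must follow a space or dot, so bare
# IPv6 continuation lines such as "fe80::1" are not mistaken for fields.
FIELD = re.compile(r"^\s+(.+?)[ .]+:(?: (.*))?$")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}, joining continuation lines."""
    adapters, current, key = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line = section header
            current = adapters.setdefault(line.rstrip(": "), {})
            key = None
            continue
        m = FIELD.match(line)
        if m:
            key = m.group(1)
            value = (m.group(2) or "").strip()
            current[key] = [value] if value else []
        elif key:                              # indented value-only line
            current[key].append(line.strip())
    return adapters

def unexpected_dns(text, trusted=()):
    """List (adapter, server) pairs that are neither the gateway nor trusted."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        allowed = set(fields.get("Default Gateway", [])) | set(trusted)
        findings += [(name, s) for s in fields.get("DNS Servers", []) if s not in allowed]
    return findings

if __name__ == "__main__":
    print(unexpected_dns(SAMPLE))
```

This only catches a changed DNS server that the router hands out to clients over DHCP; the upstream DNS configured on the router itself still has to be checked in its admin interface.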
 

Rishi

Level 19
Verified
Honorary Member
Top Poster
Well-known
Dec 3, 2015
938
1. Destroy the current machine, destroying the NAT adapter in the process as well, and restore to a clean machine.
2. Close VM.
3. Scan your OS and networked devices for malware traces.
4. If everything is clean, reset your router as said above.
5. Clear all the browser cache and flush DNS using ipconfig /flushdns
6. Make sure network protection is ON in your security software.
7. Use the safe banking module/browser of a well-known AV vendor for payments.
8. Do not use copy/paste; if possible, use drag-and-drop for passwords and employ an antilogger for the rest of the transactions.
(If you are really paranoid you can also use a free VPN like SoftEther)

Or
Simply use another connection, or use cash cards, cash on delivery or other payment methods if available.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
You should not be easily infected at all unless it's an accident. Why? Because VMs are already configured to use NAT and isolated to their unique physical address, so network communication should not be a problem anywhere.

Worms will be your primary enemy when network configuration turns out to be a problem, because the rate of symptoms is faster due to the open line.
 