Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

virtualbox question


  • Please log in to reply
7 replies to this topic

#1 cwbytez

cwbytez

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:08:24 AM

Posted 18 April 2015 - 03:10 PM

Hi guys :)
I wanna ask if my virtualbox got infected what about my main system?
For Example
: I'm running windows 8 (main system) while windows 7 in virtualbox.and my virtualbox got infected,so my windows 8 infected too?

My native language isn't English,so please point out to me out if I make any grammar mistake :P (i'm not really good at english)


BC AdBot (Login to Remove)

 


m

#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:24 AM

Posted 18 April 2015 - 03:14 PM

It depends if the malware has the capability to spread to other machines or not. What was the detection by the AV on the VM? Assuming that's how you detected it.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:24 AM

Posted 18 April 2015 - 03:15 PM

Hello there,

If you do not connect your virtual machine to the host machine via some other platform then the chance of the host getting infected from the VM is unlikely - VirtualBox VMs are used for malware testing and analysis all the time.

#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:24 PM

Posted 18 April 2015 - 03:17 PM

Hi cwbytez :)

It doesn't work like that, only under certain circumstances. A VM is usually a part from the main OS, so it runs separately. What you do in a VM, shouldn't affect what you do on your main OS. However, it's possible for the infection inside a VM to exit it and infect the main OS. Without getting into many technical details, if you have any share features between the host OS and the VM, like clipboard, drag and drop, shared folders, shared network, etc. then the infection could escape the VM and infect the OS, or even the opposite. While this is possible, it's also extremely rare to encounter a malware like that since they are not really in the wild and are used for precise targets and certain conditions must be met so I wouldn't worry about it. However, it's still a viable possiblity.

Edited by Aura., 18 April 2015 - 03:17 PM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:24 PM

Posted 18 April 2015 - 04:18 PM

When providing the detection by the AV on the VM as Didier Stevens asked for, be sure to include the specific file(s) name associated with the malware threat and where it is located (full file path) on your system. The name of your AV product would also be helpful.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 cwbytez

cwbytez
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:08:24 AM

Posted 20 April 2015 - 04:46 PM

Hi cwbytez :)It doesn't work like that, only under certain circumstances. A VM is usually a part from the main OS, so it runs separately. What you do in a VM, shouldn't affect what you do on your main OS. However, it's possible for the infection inside a VM to exit it and infect the main OS. Without getting into many technical details, if you have any share features between the host OS and the VM, like clipboard, drag and drop, shared folders, shared network, etc. then the infection could escape the VM and infect the OS, or even the opposite. While this is possible, it's also extremely rare to encounter a malware like that since they are not really in the wild and are used for precise targets and certain conditions must be met so I wouldn't worry about it. However, it's still a viable possiblity.


I see,
Thanks for the explaination Aura :)
And also to quietman7,alex and Didier Steven

Cheers!

My native language isn't English,so please point out to me out if I make any grammar mistake :P (i'm not really good at english)


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:24 PM

Posted 20 April 2015 - 06:47 PM

No problem cwbytez, our pleasure :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:24 PM

Posted 20 April 2015 - 06:51 PM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users