Running old viruses in VMware / What can I do?


6 replies to this topic

#1 BoldStep


Posted 23 January 2016 - 09:11 PM

So I installed VMware Workstation Player and want to mess around with running old malware from Windows 98 to XP. But I know there are vulnerabilities and exploits where it can find its way to my host, so I want to have as much safety as possible to keep it from spreading to my host computer or any other running on the same network.

 

So what can I do to keep it from spreading to my host?

 

My host has an antivirus and a firewall, while the guest doesn't.

 

I can turn off shared folders and keep the network to NAT (or disconnect it entirely).

 

No, I don't have any malware on my host, I simply want to have fun and mess around with old viruses.

 

Cheers!





#2 Demonslay335


Posted 23 January 2016 - 09:26 PM

Hmm, disabling shares and network access entirely wouldn't be bad for starters. Definitely make sure your host is fully patched and install the latest VMware Tools on both sides. I would back up your host for sure to be safe. I've not had anything break out from a VM, but you never know. I wouldn't honestly expect a virus from 98/XP era to try breaking out; did VMs even exist back then? :P

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Didier Stevens


Posted 24 January 2016 - 01:13 PM

Disable or remove the virtual network adapter.

 

Do not install the VMware tools in the guest, this will restrict interactions with the host.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 Demonslay335


Posted 24 January 2016 - 02:10 PM

> Disable or remove the virtual network adapter.
>
> Do not install the VMware tools in the guest, this will restrict interactions with the host.

 

Ah, I was thinking the reverse.




#5 Didier Stevens


Posted 24 January 2016 - 02:18 PM

Well, the VMware tools are there to facilitate the interactions between host and guest. If you don't install the VMware tools, it will make the interactions a bit more difficult.

And I guess that is the goal of the OP.

 

For example: drag-and-drop between host and guest requires VMware tools to be installed in the guest. If you don't install VMware tools, you can drag-and-drop a virus by mistake from the guest to the host.

 

As an added bonus: there is malware that detects VMs and behaves differently inside a VM. Some VM-aware malware bases its detection on the presence of VMware tools. So if you don't install the tools, that malware will not change its behavior.


Edited by Didier Stevens, 24 January 2016 - 02:23 PM.



#6 Demonslay335


Posted 24 January 2016 - 03:15 PM

Ah, makes sense. I'm not sure where I was thinking that having the tools installed added security; I guess I've not really used them past the drag-and-drop and synchronizing clipboards.

 

I'll throw in making an image backup of the host before infecting the guest, and unplugging the backup drive to be extra cautious. Then, should something really go wrong, you can just re-image your host.




#7 Didier Stevens


Posted 24 January 2016 - 03:20 PM

Indeed, clipboard synchronization is another risk, for example if the malware is an info-stealer that reads the clipboard.


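The isolation measures suggested in this thread (no virtual network adapter, no shared folders, no drag-and-drop or clipboard sync) can be checked against a VM's .vmx file before a sample is run. The following is an added example, not code from any poster in the thread; the sample .vmx content is constructed, and it assumes that an absent `isolation.tools.*` key leaves the feature allowed.

```python
import re

# Constructed sample .vmx content (not from the thread).
SAMPLE_VMX = '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
sharedFolder0.present = "TRUE"
isolation.tools.copy.disable = "TRUE"
'''

LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
# Assumption: when one of these keys is absent, the feature stays allowed.
ISOLATION = {
    "isolation.tools.dnd.disable": "drag-and-drop not disabled",
    "isolation.tools.copy.disable": "clipboard copy not disabled",
    "isolation.tools.paste.disable": "clipboard paste not disabled",
}

def parse_vmx(text):
    """Return {lowercased key: value} for each key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def is_true(cfg, key):
    return cfg.get(key, "").upper() == "TRUE"

def audit(text):
    """List settings that leave a channel out of the guest open."""
    cfg = parse_vmx(text)
    findings = []
    for key in sorted(cfg):
        nic = re.fullmatch(r"(ethernet\d+)\.present", key)
        if nic and is_true(cfg, key):
            mode = cfg.get(nic.group(1) + ".connectiontype", "unspecified")
            findings.append(f"{nic.group(1)}: network adapter present ({mode})")
        share = re.fullmatch(r"(sharedfolder\d+)\.present", key)
        if share and is_true(cfg, key):
            findings.append(f"{share.group(1)}: shared folder configured")
    for key, msg in ISOLATION.items():
        if not is_true(cfg, key):
            findings.append(f"{key}: {msg}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_VMX)))
```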




