Virtual Machines and Viruses
9 posts
• Page 1 of 1
Virtual Machines and Viruses
Im just curious about the power of worms , trojans and toolkits , and the use in a virtual machine environment. I want to do some more research is hacker tools and this would be an ideal test.
Any information on this idea would be appreciated.
Mainly I want to VM a windows 2003 server and use current "kiddie tools" to see changes to the kernel and other places ,
thanks sceaser
Main Rig Multiscreen^5_KVM+3 and Extra for Laptop, X4 AMD MSI Windows 7
Moblie Hp NX7400 Ubuntu
Mini Hp Ubuntu
Server Custom X6 AMD Linux Server
Server Hp Proliant X4x2 Linux Server
3X Dell Dual Core 3.0GHZ Linux Server
Moblie Hp NX7400 Ubuntu
Mini Hp Ubuntu
Server Custom X6 AMD Linux Server
Server Hp Proliant X4x2 Linux Server
3X Dell Dual Core 3.0GHZ Linux Server
Sweet
Yeah Safty is the main concern . If I load them into the virtual Machine , what
are the chances that it could replicate or infect the real machine ? , and Is norton or antivirus going to be mad at me or try and clean it from the VM?
are the chances that it could replicate or infect the real machine ? , and Is norton or antivirus going to be mad at me or try and clean it from the VM?
Main Rig Multiscreen^5_KVM+3 and Extra for Laptop, X4 AMD MSI Windows 7
Moblie Hp NX7400 Ubuntu
Mini Hp Ubuntu
Server Custom X6 AMD Linux Server
Server Hp Proliant X4x2 Linux Server
3X Dell Dual Core 3.0GHZ Linux Server
Moblie Hp NX7400 Ubuntu
Mini Hp Ubuntu
Server Custom X6 AMD Linux Server
Server Hp Proliant X4x2 Linux Server
3X Dell Dual Core 3.0GHZ Linux Server
As long as you do it all from within the virtual machine, Norton outside the VM shouldn't have a problem unless it actively monitors the internet connection and notices stuff coming in. If that happens, you can probably just temporarily disable it, because since you're not running any code in the good windows installation you shouldn't have to worry about infection (but I wouldn't expect you'd have a problem).
Basically, it comes down to where the software is being run. The virtual machine is like a box, and the virus or whatever doesn't know that it's in a box... it'll only modify code on hardware that doesn't physically exist... yea you can botch a virtual copy of windows but the good copy you're running the VM from should be fine
Basically, it comes down to where the software is being run. The virtual machine is like a box, and the virus or whatever doesn't know that it's in a box... it'll only modify code on hardware that doesn't physically exist... yea you can botch a virtual copy of windows but the good copy you're running the VM from should be fine
ar1stotle wrote:As long as you do it all from within the virtual machine, Norton outside the VM shouldn't have a problem unless it actively monitors the internet connection and notices stuff coming in. If that happens, you can probably just temporarily disable it, because since you're not running any code in the good windows installation you shouldn't have to worry about infection (but I wouldn't expect you'd have a problem).
Basically, it comes down to where the software is being run. The virtual machine is like a box, and the virus or whatever doesn't know that it's in a box... it'll only modify code on hardware that doesn't physically exist... yea you can botch a virtual copy of windows but the good copy you're running the VM from should be fine
Emphasis always on "should be" of course, as all the best nasties are network oriented, so anything less than a *very* tightly controlled connection between the Host and the VM could open up a rather big mess for your host system. My first recommendation is to completely back up your host system somewhere nothing can touch it (DVD-R's are great for the job).
- poisonbl
- Posts: 432
- Joined: Mon Nov 15, 2004 10:02 pm
- Location: WVU -- Morgantown, WV. -- USA (TZ: -5 hrs GMT, -4 DST)
ar1stotle wrote:True, anything is possible, but it's more than just a network connection that's separating the VM from the host.
That depends entirely on how the pair are configured, if it's anything like any other VM I've worked with, it's either default, or trivial to configure the VM to use either an internal "crossover"-like connection, or (and worse in this case, as it threatens the whole network the host is on even more immediately) share the hosts LAN connection in some way that allows the VM to appear transparently as another system. While there's more than just the LAN involved, the LAN could, and quite likely would, be the path of least resistance for the VMs various infections to make their way back into the wild.
- poisonbl
- Posts: 432
- Joined: Mon Nov 15, 2004 10:02 pm
- Location: WVU -- Morgantown, WV. -- USA (TZ: -5 hrs GMT, -4 DST)
You guys have been great , I think Ill use a VM on a " seperate machine" from my LAN to do my testing just to make sue I dont let some nasties in to da real world
Maybe with another Real machine usin somthing like Norton Internet protection to watch and learn , to see if any little bugs try to multiply throught the VM LAN to other machines
Maybe with another Real machine usin somthing like Norton Internet protection to watch and learn , to see if any little bugs try to multiply throught the VM LAN to other machines
Main Rig Multiscreen^5_KVM+3 and Extra for Laptop, X4 AMD MSI Windows 7
Moblie Hp NX7400 Ubuntu
Mini Hp Ubuntu
Server Custom X6 AMD Linux Server
Server Hp Proliant X4x2 Linux Server
3X Dell Dual Core 3.0GHZ Linux Server
Moblie Hp NX7400 Ubuntu
Mini Hp Ubuntu
Server Custom X6 AMD Linux Server
Server Hp Proliant X4x2 Linux Server
3X Dell Dual Core 3.0GHZ Linux Server
9 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests