Virtual Machines and Viruses

Post by sceaser » Fri Apr 04, 2008 9:38 pm

I'm just curious about the power of worms, trojans and toolkits, and the use in a virtual machine environment. I want to do some more research in hacker tools and this would be an ideal test.
Any information on this idea would be appreciated.
Mainly I want to VM a Windows 2003 server and use current "kiddie tools" to see changes to the kernel and other places.

Thanks, sceaser
Main Rig Multiscreen^5_KVM+3 and Extra for Laptop, X4 AMD MSI Windows 7
Mobile Hp NX7400 Ubuntu
Mini Hp Ubuntu
Server Custom X6 AMD Linux Server
Server Hp Proliant X4x2 Linux Server
3X Dell Dual Core 3.0GHZ Linux Server
PRO Level 2
Posts: 49
Joined: Tue Dec 28, 2004 6:48 pm
Location: MARS

Post by ar1stotle » Sat Apr 05, 2008 12:51 am

So, you want to know whether or not viruses work in a virtual environment? Considering a virus is software side, they should work fine, and you would have a safe environment to test them in.
PRO BRONZE
Posts: 3841
Joined: Sun May 16, 2004 1:59 am
Location: New Orleans, Louisiana

Sweet

Post by sceaser » Sat Apr 05, 2008 1:26 am

Yeah, safety is the main concern. If I load them into the virtual machine, what are the chances that it could replicate or infect the real machine? And is Norton or antivirus going to be mad at me or try and clean it from the VM?

Post by ar1stotle » Sat Apr 05, 2008 1:30 am

As long as you do it all from within the virtual machine, Norton outside the VM shouldn't have a problem unless it actively monitors the internet connection and notices stuff coming in. If that happens, you can probably just temporarily disable it, because since you're not running any code in the good windows installation you shouldn't have to worry about infection (but I wouldn't expect you'd have a problem).

Basically, it comes down to where the software is being run. The virtual machine is like a box, and the virus or whatever doesn't know that it's in a box... it'll only modify code on hardware that doesn't physically exist... yea you can botch a virtual copy of windows but the good copy you're running the VM from should be fine :yesnod:

Post by poisonbl » Sat Apr 05, 2008 1:36 am

ar1stotle wrote: As long as you do it all from within the virtual machine, Norton outside the VM shouldn't have a problem unless it actively monitors the internet connection and notices stuff coming in. If that happens, you can probably just temporarily disable it, because since you're not running any code in the good windows installation you shouldn't have to worry about infection (but I wouldn't expect you'd have a problem).

Basically, it comes down to where the software is being run. The virtual machine is like a box, and the virus or whatever doesn't know that it's in a box... it'll only modify code on hardware that doesn't physically exist... yea you can botch a virtual copy of windows but the good copy you're running the VM from should be fine :yesnod:


Emphasis always on "should be" of course, as all the best nasties are network oriented, so anything less than a *very* tightly controlled connection between the Host and the VM could open up a rather big mess for your host system. My first recommendation is to completely back up your host system somewhere nothing can touch it (DVD-R's are great for the job).
PRO Level 10
Posts: 432
Joined: Mon Nov 15, 2004 10:02 pm
Location: WVU -- Morgantown, WV. -- USA (TZ: -5 hrs GMT, -4 DST)

Post by ar1stotle » Sat Apr 05, 2008 1:48 am

True, anything is possible, but it's more than just a network connection that's separating the VM from the host.

Post by poisonbl » Sat Apr 05, 2008 1:58 am

ar1stotle wrote: True, anything is possible, but it's more than just a network connection that's separating the VM from the host.


That depends entirely on how the pair are configured. If it's anything like any other VM I've worked with, it's either default, or trivial to configure the VM to use either an internal "crossover"-like connection, or (and worse in this case, as it threatens the whole network the host is on even more immediately) share the host's LAN connection in some way that allows the VM to appear transparently as another system. While there's more than just the LAN involved, the LAN could, and quite likely would, be the path of least resistance for the VM's various infections to make their way back into the wild.

Post by sceaser » Sat Apr 05, 2008 3:13 am

You guys have been great. I think I'll use a VM on a "separate machine" from my LAN to do my testing just to make sure I don't let some nasties into da real world :)
Maybe with another real machine using something like Norton Internet protection to watch and learn, to see if any little bugs try to multiply through the VM LAN to other machines :)

Post by imnuts » Sat Apr 05, 2008 3:20 am

I don't know about Microsoft's virtual machine software, but with VMware, you can enable and disable the virtual LAN adapter so that the virtual computer doesn't have a network connection.
PRO SUPREME
Posts: 7457
Joined: Wed Mar 24, 2004 5:19 am
Location: Boothwyn, Pennsylvania
Real Name: Mark
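
The network settings discussed in this thread (a VM sharing the host's LAN connection, an internal host-only link, or a disabled virtual adapter) can be checked in a VMware `.vmx` file before the lab VM is powered on. The following is an added example, not code from any poster: the sample config is constructed, `parse_vmx` and `audit_nics` are hypothetical helper names, and treating a missing `connectionType` as bridged and a missing `startConnected` as connected are assumptions about VMware's defaults.

```python
import re

# Constructed sample .vmx contents for a lab VM (not taken from the thread).
SAMPLE_VMX = '''
displayName = "malware-lab-w2k3"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet0.startConnected = "TRUE"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet2.present = "FALSE"
ethernet3.present = "TRUE"
ethernet3.startConnected = "FALSE"
'''

LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')   # key = "value"
NIC = re.compile(r'^ethernet(\d+)\.(\w+)$')            # ethernetN.<setting>

def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_nics(text):
    """Map each virtual NIC index to (state or network mode, risk)."""
    nics = {}
    for key, value in parse_vmx(text).items():
        m = NIC.match(key)
        if m:
            nics.setdefault(int(m.group(1)), {})[m.group(2)] = value.lower()
    report = {}
    for idx, nic in sorted(nics.items()):
        if nic.get('present') != 'true':
            report[idx] = ('absent', 'ok')
        elif nic.get('startconnected', 'true') == 'false':
            # Assumption: absent startConnected means connected at power-on.
            report[idx] = ('disconnected', 'ok')
        else:
            # Assumption: absent connectionType means bridged.
            mode = nic.get('connectiontype', 'bridged')
            # bridged/nat reach the host's LAN; hostonly still reaches the host.
            risk = {'bridged': 'high', 'nat': 'high',
                    'hostonly': 'medium'}.get(mode, 'review')
            report[idx] = (mode, risk)
    return report

if __name__ == '__main__':
    for idx, (mode, risk) in audit_nics(SAMPLE_VMX).items():
        print(f'ethernet{idx}: {mode:12s} risk={risk}')
```

An adapter reported as `disconnected` can still be connected by hand while the VM is running, so only `absent` means the guest has no virtual NIC at all.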
