Virtual machine for malware analyzing


There are a lot of virtual machines from different vendors (VirtualBox, Hyper-V, VMware Workstation, etc.). Since 2017 most malware has virtual machine checking; if malware detects that it is run on a virtual machine, it doesn't do any malicious actions. Which virtual machine is the most difficult for malware to detect as a virtual machine?

  • Administrators

Any hypervisor can be detected by malware. You'd need to run a customized system to minimize the chance of VM detection.

3 hours ago, Kristal said:

What is it?

A separate stand-alone PC just used to test malware. This PC should be totally isolated from your existing home network but should have Internet connectivity.

After setting up the device, your first step is to create a backup image of your existing Win system. If malware does infect this test system, you can restore the system using the backup image. Standard procedure would be to restore from the backup image after completing a malware test session. Also, as Windows and Eset updates occur, a new backup image needs to be created.

Of note here is you would have to purchase an additional Win 10 license for the test machine.

16 hours ago, itman said:

A separate stand-alone PC just used to test malware. This PC should be totally isolated from your existing home network but should have Internet connectivity.

After setting up the device, your first step is to create a backup image of your existing Win system. If malware does infect this test system, you can restore the system using the backup image. Standard procedure would be to restore from the backup image after completing a malware test session. Also, as Windows and Eset updates occur, a new backup image needs to be created.

Of note here is you would have to purchase an additional Win 10 license for the test machine.

Can malware that I run on a virtual machine infect my own system?

4 hours ago, Kristal said:

How to avoid that?

The answer is obvious. Don't use a VM to test malware.

If you do use a VM, ensure you have a current Win image backup taken before any malware testing was first initiated. You can then restore your Win installation from the image backup.

BTW - as far as Win image backup goes, you want to use imaging software that can back up the entire drive where Windows is installed. This will protect you against MBR/UEFI malware plus advanced malware that can hide in unallocated drive areas.

Edited by itman
  • Most Valued Members

The problem is any system is vulnerable.

As itman had suggested, the best way is to use an actual computer. A separate physical computer is better, the more airtight the better. Although there are risks if the 2 are on the same network.

  • 2 weeks later...
On 7/25/2022 at 9:00 PM, itman said:

A separate stand-alone PC just used to test malware. This PC should be totally isolated from your existing home network but should have Internet connectivity.

After setting up the device, your first step is to create a backup image of your existing Win system. If malware does infect this test system, you can restore the system using the backup image. Standard procedure would be to restore from the backup image after completing a malware test session. Also, as Windows and Eset updates occur, a new backup image needs to be created.

Of note here is you would have to purchase an additional Win 10 license for the test machine.

This is a scenario in which malware escapes a container like a wild animal. I would recommend isolating the device you are working on from the network and other systems until you have rolled back the image to a known good state. You still have a small chance of it being present somewhere, but it is far less likely than a VM escape. I typed all of that, but it's really a risk management scenario. Do whatever makes you feel at ease. You'll never be able to anticipate every possibility.
