VirtualBox


Comprev
But then you're defeating the purpose and preventing Malware from getting on the box. Regardless - just need to have backups of data and be careful. If something like Virut got out and attacked your real box then you'd really be sorry you ever played with it.

Maybe he means to have the software on the real box. Then it could protect your computer if the malware somehow got out of the VM.

  • 2 weeks later...
Implementing malware with virtualization: Leveraging virtualization technologies, researchers have also demonstrated the potential of implementing virtualization-based malware [39, 53, 58]. King et al. [39] proposes the notion of VM-based rootkit (VMBR) which can be dynamically inserted underneath an existing OS. Rutkowska et al. [53] further implements a hardware virtualization-based rootkit prototype called

Use Sandboxie and Returnil, as the more barriers there are, the more tricks malware requires for successful impact. VirtualBox should be sandboxed and Returnil beforehand for instant virtualization and rollback. ;) Malware can escape Returnil, but with VirtualBox sandboxed it's highly unlikely it will get to that point. :)

Most likely yes. Even Returnil cannot prevent bypassing its virtualization and removal features. Once a rootkit gains certain privileges or kernel level, it would take extreme luck to get rid of it. I would like to see a test where a rootkit was removed after dropped changes with Returnil.

I want to use VirtualBox or some other virtual machine to test malware. Is it safe, as in, can the malware escape from the virtual machine?

Thanks,

Comprev

Why would you want to put your computer at risk by testing malware?

Are you a security specialist of some sort?

It's bad enough that malware is lurking ready to infect without inviting it straight in and messing with it.

Whatever rocks your boat, I suppose, but it seems very irresponsible to "test malware".

Regards.

Most likely yes. Even Returnil cannot prevent bypassing its virtualization and removal features. Once a rootkit gains certain privileges or kernel level, it would take extreme luck to get rid of it. I would like to see a test where a rootkit was removed after dropped changes with Returnil.

Yes, I would like to see that also.
