Tuts 4 You

Set up VirtualBox for malware analyzing?


high6


I wanna get into malware analyzing with a virtual box but I have a few questions.

What are some things I should/shouldn't do with the virtual machine that might make it secure/insecure?

Will installing guest additions make the virtual box insecure?

Will having a shared folder with read only permission make it insecure?

And what are some things I should know about VirtualBox before I debug malware?

Link to comment

Basics are:

*Pull out internet connection.

*Reset VM after done reversing.

However, you'll find it's pretty useless to try in a VM because most of the recent malware will exit because it detects virtual machines and assumes debugging.

lena151.

Link to comment
Is it possible to back up the VM?

Also couldn't I force it to run in VM?

Edited by high6
Link to comment

If you have to ask those questions, it's probably better to forget about the whole malware thing.

If it was shown on TV, they would have to say: "Kids, don't do this at home".

Getting infected is the best way to learn the hard way what not to do, so here are a few tips anyway.

Additions are usually a must.

They modify the OS to run better in the VM.

Disable the virtual network adapter.

It will kill local network and internet and everything else that you could forget.

Don't ever use their own internal directory sharing or whatever they call it.

VMware is insecure there.

Network sharing is ok when starting from a 100% clean image to set up your VM.

It will disappear when you disable completely the virtual network adapter.

Whatever is in the VM dies there, don't ever transfer anything back to the host pc.

TiGa

Link to comment
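The checks suggested in the replies above (no attached network adapter, no shared folders, nothing crossing back to the host) can be audited from the host before a sample is run. The script below is an added example, not code posted by anyone in this thread; it parses the text printed by `VBoxManage showvminfo <vm> --machinereadable`, the sample VM data is constructed, and the clipboard and drag-and-drop checks go beyond what the posts mention and assume those key names match your VirtualBox version.

```shell
#!/bin/sh
# Audit a VirtualBox VM's isolation settings before running a sample in it.
# Input: output of  VBoxManage showvminfo "<vm>" --machinereadable

# Constructed sample of that output (not taken from a real VM).
sample_vminfo() {
cat <<'EOF'
name="analysis-xp"
nic1="nat"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/home/user/samples"
EOF
}

# Reads machine-readable VM info on stdin, prints one finding per line,
# and returns non-zero if any finding was printed.
audit_vminfo() {
    awk -F= '
        { gsub(/"/, "", $2) }
        # Any adapter not set to "none" gives the guest a network path.
        $1 ~ /^nic[0-9]+$/ && $2 != "none" {
            print "NETWORK " $1 " attached as " $2; bad++ }
        # Every shared folder is a guest-to-host file channel, read-only or not.
        $1 ~ /^SharedFolderNameMachineMapping[0-9]+$/ {
            print "SHARED_FOLDER " $2; bad++ }
        # Guest Additions channels that can move data to the host.
        ($1 == "clipboard" || $1 == "draganddrop") && $2 != "disabled" {
            print "HOST_CHANNEL " $1 "=" $2; bad++ }
        END { exit (bad > 0) }
    '
}

# Typical fixes, run on the host with the VM powered off:
#   VBoxManage modifyvm "<vm>" --nic1 none
#   VBoxManage sharedfolder remove "<vm>" --name samples
#   VBoxManage snapshot "<vm>" take clean      (before analysis)
#   VBoxManage snapshot "<vm>" restore clean   (after analysis)

# Usage: ./audit.sh <vm-name>   (only runs when a VM name is given)
if [ -n "${1:-}" ]; then
    VBoxManage showvminfo "$1" --machinereadable | audit_vminfo
fi
```
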
Okay, and to back up so I don't have to reinstall Windows 50+ times, just back up the .VDI and when I want to restart just replace the original VDI with the backed-up one?

It's really simple malware that I want to analyze.

Edited by high6
Link to comment

There is a simple function for making a copy of the VM.

I didn't see one in Sun VirtualBox. I'll look harder.

Link to comment

VirtualBox is a nice and light VM but is a "new born", so it isn't robust enough (fault tolerant), and you could encounter defects with some devices, such as USB.

Use VMware, and make a Snapshot before beginning the analysis.

Remember also that there are many Mw which implement anti-VM tricks, be aware of that! :)

Regards,

Evilcry

Link to comment

The safest way is to do it on a separate machine. VirtualBoxes are not 100% foolproof.

Edited by GEEK
Link to comment