can virtual box fail while testing malware ?

hi....i recently set a vm via virtual box running xp pro...now i can't resist the temptation to test malware...but i am apprehensive....
1. is there a probability/possibility of virtual box failing and a damage to my host pc?
2.should a novice be undertaking such adventures?
3.several rar archives are floating around the net containg malware samples but all point that real time protection of av has to be paused to effectively download...um mmm i kown this is puerile but is it advisable to do so.....

 

Only if there is a vulnerability in virtualbox and the virus knows how to expose it. According to Secunia, there aren't reported vulnerabilities in the 2.0.x versions.

 

I'm only a novice and i do such things quite often. Just make sure you take all necessary precautions like backing up your system and important data. Hope for the best but prepare for the worst is my philosophy .

 

I agree with the above folks to prepare for failure worst case senario.IMO take practice runs of images recovery make sure they work before hand or better yet leave the malware alone.

 

There are still potential security problems one should deal with before purposely infecting a VM with malware, wheter it's virtualbox, vmware...

One thing that comes to my mind is the network. The most secure thing would be to shut down the virtual network, but then some malware may not work because they download trojans etc. from the internet. The reason you should be careful with the network is that the malware can propagate to other machines (non-virtual) through the network, e.g. by taking advantage services with open ports, and maybe they even have remote vulnurabilities.

So be sure that the network is as secure as possible, both on the host machine and on other computers available in the LAN. A firewall is probably useful, but on the host machine there is a problem: several firewalls seems to only filter physical network traffic, and not traffic on the virtual bridged NICs or NAT'ed network that the VM provides. So be sure to check this with a port scanner from the virtual machine!

Another dangerous thing with VMs is all the host integration tools they provide. So if you're gonna test malware, you should probably enable as little as possible of this stuff , because they can make it easier for the VM to access info on the host, through shared folders, clipboard integration etc.

 

hello.......i have a router with kis2009 on my host pc and use returnil while accessing vm should I have another FW on vm and maybe use sandboxie too...

 

As has been stated,it's wise to run the host system virtualised using Returnil or similar,as an added protection,in the very unlikely event that a malware sample escapes Virtualbox.

 

The only way to be truly safe when testing malware is to use a separate PC set up for this purpose, preferably one you don't value too much. It absolutely should not contain any important or personally identifiable data. Regarding the safety of relying on virtualbox or any other type of containment or virtualization software, the best that can be said is that they're safe at the moment. That doesn't mean they will stay that way. The more popular these types of software become, the more they'll be targeted. Eventually, someone will find a way to break out of them, they'll get patched, and the process will repeat.

I don't know if you have anything specific in mind when you say "test malware". Be aware that some malware can detect when it's being run in a virtual environment or sandbox and will not reveal its true nature under those conditions. It's only when it detects that it's on a real system that it can infect that it will do what it was designed to. This is partly to make them difficult to capture and analyze and partly to infect those who test software on a virtual system before they install on their real system.

Regarding:
should a novice be undertaking such adventures?
Are you a novice with malware or computers in general? Everyone who tests malware was a novice at it when they started. If you're a novice with computers in general, you're looking for trouble. Without a basic knowledge of how Windows works, how the internet works, basic security, etc, there's no way to do any meaningful testing.

Regarding disabling or pausing the AV, an AV will interfere with malware testing. They're supposed to catch the malware and prevent it from running. Your statement regarding the AV leads me to believe that you don't understand the basics well enough to do any meaningful testing. That said, under the right conditions, testing malware can give you quite an education about the inner workings of Windows. I strongly suggest using a separate PC for this. A used one that meets the minimum requirements of the OS is all you really need. Pick up a backup program that can restore your system from an image and learn to use it first. Make a full backup of the OS while it's clean and complete. Make sure the image will restore properly. Don't connect this PC to any network with other PCs on it. Some malware will spread over a network and infect every PC that's vulnerable. Once you have a testbox built and isolated from other PCs, then you can launch any malware you want to on that PC for whatever kind of testing you want to do.