Need to test a SUPER-MALWARE. Please suggest a setup.

Discussion in 'sandboxing & virtualization' started by SecureSystem, Jul 3, 2011.

Thread Status:
Not open for further replies.
  1. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    There is so much wrong with your post that I don't know where to begin.
     
  2. SecureSystem

    SecureSystem Registered Member

    Joined:
    Jun 28, 2011
    Posts:
    24
    In that very OP, I also said,
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    A bootkit is a type of kernel-mode rootkit, not a part of your computer.

    I'm still confused.

    a) Where exactly did you get this? Testing it for a company? I'm just wondering where you got it and who told you it was antivm.

    b) When you say antisandboxie and antivm do you mean that it breaks out of both of them? Or do you mean that it won't run in them? This may have been answered already.


    If we're taking this magic bootkit to be real... and if I were to really nerd out about securing a system against a magic bootkit that HAD to be tested... then c)

    c) The safest way would be to run a VM of some Linux distro (that secure Mint version thingy sounds fun) and then within that Linux distro run a VM of Windows 7 and then simply secure Windows 7 however you like.

    edit: If you really wanted to go nuts you could run the Linux VM in VMware and the Windows 7 VM in VirtualBox. I doubt they have the same vulnerabilities.
     
  4. SecureSystem

    SecureSystem Registered Member

    Joined:
    Jun 28, 2011
    Posts:
    24
    TBH I was mistaken and took it for something that could bypass VMs. It can't, as others have informed me. I am going to leave it at that and not waste my time with it. I infected myself by chance and got over-excited. I was wrong. Sorry.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Ok. No problem.
     
  6. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Well, don't feel so bad.. from what I've seen, TDL4 variants will even start a DHCP server, allowing it to redirect downloads and attack your browser on every link you click (even if you are not yet infected).

    In this way, it could very well bypass a VM, albeit in a very indirect way.. Don't forget that VMs can attack the host through the network connection as well, and you don't need some clever anti-VM technology workaround for that. In the case of the TDL4 DHCP server, even a proper firewall would not protect you.
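The point in the post above is that a guest does not need a VM escape to hurt the host: a rogue DHCP server on the same segment can hand every machine a malicious router or DNS. As an added example, not part of this thread and not code from any product mentioned here, this is a small parser for raw DHCP messages (RFC 2131 header, RFC 2132 options) that flags OFFERs whose server identifier (option 54) is not a trusted server, or whose router (option 3) or DNS (option 6) addresses fall outside the LAN prefix. The packets, the addresses, the trusted-server list and the assumption that DNS should live on the LAN are constructed for the example; in practice you would feed it UDP/68 payloads from a capture taken on the real segment.

```python
"""Rogue DHCP OFFER detector over raw DHCP messages.
Sample packets below are constructed for this example, not captured traffic."""
import struct
import ipaddress
from typing import Dict, List

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 3, 6, 53, 54, 255
MSG_OFFER = 2


def _ip4(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def _ip4_list(raw: bytes) -> List[str]:
    return [_ip4(raw[i:i + 4]) for i in range(0, len(raw) - len(raw) % 4, 4)]


def parse_dhcp(pkt: bytes) -> Dict[str, object]:
    """Parse the fixed BOOTP header and the TLV option area."""
    if len(pkt) < 240 or pkt[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message (bad length or magic cookie)")
    op, _htype, _hlen, _hops, xid = struct.unpack("!BBBBI", pkt[:8])
    yiaddr = _ip4(pkt[16:20])            # address being offered to the client
    opts: Dict[int, bytes] = {}
    i = 240
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_END:
            break
        if code == 0:                    # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option header")
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    msg_type = opts.get(OPT_MSG_TYPE, b"\x00")[0]
    server_id = _ip4(opts[OPT_SERVER_ID]) if OPT_SERVER_ID in opts else None
    return {
        "op": op, "xid": xid, "msg_type": msg_type, "yiaddr": yiaddr,
        "server_id": server_id,
        "routers": _ip4_list(opts.get(OPT_ROUTER, b"")),
        "dns": _ip4_list(opts.get(OPT_DNS, b"")),
    }


def audit_offers(packets: List[bytes], trusted_servers: List[str], lan: str) -> List[str]:
    """One finding per OFFER from an untrusted server or pushing an off-LAN
    router/DNS. Assumption for this lab: router and DNS belong on the LAN."""
    net = ipaddress.IPv4Network(lan)
    findings: List[str] = []
    for pkt in packets:
        msg = parse_dhcp(pkt)
        if msg["msg_type"] != MSG_OFFER:
            continue
        if msg["server_id"] not in trusted_servers:
            findings.append(f"untrusted DHCP server {msg['server_id']} offered {msg['yiaddr']}")
        for kind, label in (("routers", "router"), ("dns", "DNS server")):
            for addr in msg[kind]:
                if ipaddress.IPv4Address(addr) not in net:
                    findings.append(f"server {msg['server_id']} pushed off-LAN {label} {addr}")
    return findings


def build_offer(xid: int, yiaddr: str, server: str, router: str, dns: str) -> bytes:
    """Assemble a minimal DHCP OFFER; used only to construct sample input."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)          # op=BOOTREPLY
    header += b"\x00" * 4 + ipaddress.IPv4Address(yiaddr).packed + b"\x00" * 8
    header += b"\x00" * 16 + b"\x00" * 64 + b"\x00" * 128             # chaddr, sname, file
    opts = bytes([OPT_MSG_TYPE, 1, MSG_OFFER])
    opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server).packed
    opts += bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address(router).packed
    opts += bytes([OPT_DNS, 4]) + ipaddress.IPv4Address(dns).packed
    return header + DHCP_MAGIC + opts + bytes([OPT_END])


# Constructed samples: the real router's offer, then one from a rogue server on the LAN
SAMPLE_OFFERS = [
    build_offer(0x3903F326, "192.168.1.50", "192.168.1.1", "192.168.1.1", "192.168.1.1"),
    build_offer(0x3903F326, "192.168.1.50", "192.168.1.77", "192.168.1.77", "93.184.216.34"),
]

if __name__ == "__main__":
    for line in audit_offers(SAMPLE_OFFERS, ["192.168.1.1"], "192.168.1.0/24"):
        print(line)
```

For a malware lab the preventive measure is to keep the guest on an internal-only or host-only network so its offers never reach a physical segment; a check like this is for confirming, from a capture on the real LAN, that nothing leaked out anyway.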
     
  7. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    You could VM Win 7. You can then use Sandboxie in the VM. The host system would run something like Shadow Defender or Deep Freeze. This is about as secure as you can get. Either that or get an old desktop with nothing on the drive and use that.
     
  8. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    The OP said that the malware sample is virtual machine aware, so that is out of the question; the only way to do it is with a full disk image or a separate computer.
     
  9. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    I was hoping SteveTX would come in and educate us regarding the super malware that breaks out of all sandboxes and VM... and eludes every A/V...
     
  10. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Well, it might be VM aware, but it's running in Sandboxie, which should contain it. Even if it does get out and breaks out of the VM, it has to get into the main system and make it through Shadow Defender. I really find it hard to believe that it can get through all 3 barriers.
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    This topic is pretty much sorted. The topic creator was confused.
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    When was his promise date for this old POC?
     
  13. guest

    guest Guest

    No malware can escape this combination:

    BCWipe Total WipeOut (only disk wipe tool I know that also wipes the Host Protected Area)
    +
    flash BIOS
    +
    reset router and/or modem
     
  14. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    I thought it was the end of June.. Maybe it was just so devastating that he couldn't release it to the public... Makes sense, as we can't have it bringing down the interwebs and all of our tubes..
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    LOL, knew it was BS. Wasn't he supposed to be banned if he doesn't fulfill that promise?
     
  16. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Maybe he is banned (temporarily)? I haven't seen him post here since it happened... He took a lot of heat for making a blatant and obvious lie, I would have sort of expected one of the mods to do it.. I can't even mention any form of bodily secretions without getting edited around here, so I'm betting that they took some form of action..
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Agree with Peter; see how strange the question of the OP sounds when you put it in another context, e.g. ice climbing and safety:


    "I must do some rock climbing, but have no knowledge on how to secure myself. What shall I use: leash, ice axe, crampons, helmet... parachute maybe? Does anyone have some tips on which order to apply them in?"

    Suggestion: close thread

    Thanks
     
  18. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Wing suit maybe? :D
     


  19. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Yeah, good point, Kees. Kinda silly that he needs to know how to test "super malware". I'm self taught and even I know that you should only take on what you know or what you fear. If something scares the Cr*p out of you, then you shouldn't be playing around with it.
     
  20. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Fantastic suggestion...:D.

    Thanks.
     
  21. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I strongly suggest that you do not test malware on anything except a completely separate unit that is not connected to the rest of your network. Anything less is taking a risk, IMO an unnecessary and unjustifiable one. If you don't have a separate PC, wait until you can get one. Quite often you can find a used PC in a yard sale or a resale shop very cheap.
     
  22. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Enjoyable thread. But I have to ask this... with all the references to garbage breaking through Sandboxie, have there been any instances of this lately?
    Thanks.
    Hugger
     
  23. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    So if your PC does get infected by this TDL4 malware, how do you get your PC working again? I mean, will the imaging programs like Macrium, ShadowProtect etc. that can restore the original MBR work? Or will the malware somehow defeat them too?
    ellison
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    TDL4 can be removed (apparently) by Hitman Pro 3.5.9. I would never assume that my security measures stopped any malware that got onto my computer, though your methods would likely prevent the rootkit from taking hold.
     
  25. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Of course restoring the original MBR along with an uninfected image works. AV Rescue CDs also work.
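The two replies above come down to the same check: the MBR on the disk either matches the one in your clean image or it doesn't. As an added example, not part of this thread and not taken from any of the imaging or rescue tools named here, the script below parses a 512-byte MBR, validates the 0x55AA signature and the partition table, and compares the 440-byte bootstrap code against a SHA-256 reference recorded from a known-good copy. The sample sectors, the partition layout and the stand-in boot code are constructed for the example, not read from a real disk; the reference hash is computed from the constructed clean sector the way you would record it from a backup image.

```python
"""MBR integrity check against a known-good reference.
Sample sectors are constructed for this example, not read from a real disk."""
import hashlib
import struct
from typing import Dict, List, Tuple

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code precedes the 4-byte disk signature at 440
PART_TABLE_OFF = 446
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Return the bootstrap-code hash, disk signature and non-empty partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for n in range(4):
        off = PART_TABLE_OFF + n * 16
        status, _, ptype, _, lba_start, count = struct.unpack(PART_ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue                                  # empty slot
        partitions.append({"index": n, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good_sha256: str) -> List[str]:
    """Return findings; an empty list means the boot code matches the reference
    and the partition table is internally consistent."""
    info = parse_mbr(sector)
    findings: List[str] = []
    if info["boot_code_sha256"] != known_good_sha256:
        findings.append("bootstrap code differs from known-good reference")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    # Partitions must not overlap each other and must not start inside the MBR itself.
    prev_end = 1
    for p in sorted(info["partitions"], key=lambda p: p["lba_start"]):
        if p["lba_start"] < prev_end:
            findings.append(f"partition {p['index']} starts at LBA {p['lba_start']}, "
                            f"overlapping the previous region")
        prev_end = max(prev_end, p["lba_start"] + p["sectors"])
    return findings


def build_mbr(boot_code: bytes, partitions: List[Tuple[bool, int, int, int]],
              disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a sample MBR; used only to construct input for this example."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, disk_sig)
    for n, (active, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + n * 16,
                         0x80 if active else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                         lba_start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-in for bootstrap code (not real Windows boot code).
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB]) + b"\x90" * 48
LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 4096000)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, LAYOUT)
# Reference hash, recorded the way you would from a clean backup image.
KNOWN_GOOD_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()
# Tampered copy: the first instructions replaced by a far jump (0xEA), partition
# table untouched; the shape of a bootkit diverting execution before the OS loader.
INFECTED_MBR = build_mbr(b"\xEA\x00\x7C\x00\x00" + CLEAN_BOOT_CODE[5:], LAYOUT)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, check_mbr(sector, KNOWN_GOOD_SHA256) or ["ok"])
```

Run it against sector 0 read from a disk (for instance the first 512 bytes of the raw device) with the hash taken from your clean image. A matching hash only vouches for the bootstrap code and partition table; it says nothing about the rest of the disk, which is why restoring the whole uninfected image, as suggested above, is the safer recovery.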
     