Can a virus spread from the virtual machine to host machine?

Can viruses really spread from a virtual machine to the host machine? The question gets asked so many times, but everybody usually gives an answer instead of showing a demonstration. So today I'm going to be showing you a demonstration using my own virtual machine and my host machine. Both are Windows machines, so there is a likelihood that the viruses can spread, because I am using the same operating systems. The video is going to be a bit long in order for me to give the malware some time to become rooted into my machine, though I will not be running the virus with administrative privileges. [Music]

I'm going to open Malwarebytes to make sure that the real-time protection for my host system is turned on. This is due to the fact that I do not want to run the risk of infecting my real machine, the host machine. It's better to be cautious than sorry in this situation. As you can see, the real-time protection is activated, meaning we are free to proceed. I'm going to start by launching the Windows virtual machine on my computer, but first let's check if the real-time protection is working by visiting a malware-infected website. Please don't try this if you don't want to open your machine to malware infections. Malware is the short form of malicious software. So as you can see, this website has been blocked by our real-time protection, so we can proceed to our virtual machine.

I'm going to be putting various websites through their paces to see if they have malware on them. Let me see if we can locate any Malwarebytes software that has been cracked, and if any of the websites are worth visiting as a result of our search. If you have downloaded any of these programs from any of these websites, please scan your computer and uninstall the software from the Control Panel. Thank you for your cooperation. If you are unable to eliminate the viruses that are being blocked, you might get assistance from someone who is knowledgeable about computers. In order to do so, we should hop right into this virtual computer and get to work doing what we came to do.

Here is my virtual machine. It will take some time to load because I am going to open it up right now; therefore I'll skip this section and return after it has finished loading. You should double check after opening it to ensure that you are not sharing any folders with your primary computer, as this would provide a vector for the virus to spread. In the event that you have any USB drives or other PCs linked to the same network as the one you are using to test the virus, you should install Malwarebytes or disconnect them until you are finished testing the virus. Using the same Wi-Fi network means that if a computer worm escapes from the virtual machine, it will infect all of the devices connected to that network.

We've arrived. My PC is currently infected with malware due to the fact that I had already installed it, but I'm going to do it again so that you can see what the crack 4 pc website is offering you. For me, I decided to install the 4K Video Downloader cracked version, but instead of receiving what I had hoped for, I received a slew of trojans that were downloaded into my computer as a result of installing the 4K Video Downloader malware. In order to determine what type of files were dumped onto my computer, I will navigate to my Local Disk, Users, your name, AppData, Local, then the Temp folder to see if any executable files have been thrown onto my machine. This folder should not include any executable files, based on what I know about the contents of this folder; however, because this is malware, it isn't concerned with following the rules. AppData is a hidden folder, so you will have to unhide it by clicking View, then tick the hidden item at the rightmost. As you can see, the Temp folder is full of executable files that were not there before I installed the 4K Video Downloader. So the first thing which happens is that I have to start scanning these apps, because they cannot be malware-free. I will use VirusTotal and Hybrid Analysis.

First, let's double check that the application that I installed was in fact installed correctly. If the application was downloaded and installed on my computer, it should be accessible through the Control Panel. However, I can see that the application is not listed in the Control Panel on this computer, so it appears that the malware is performing some function behind the scenes, informing me that I should reinstall it to see if it will appear in my Control Panel this time. As a result, let's get it done. I'm going to install it for the second time. Keep an eye on what happens in the virtual machine.

I'm going to disable the real-time protection provided by Malwarebytes, but the real machine will continue to provide real-time protection. I'm turning off real-time protection due to the fact that Malwarebytes will quarantine the trojan immediately I try to execute it. I want it to install without any interruptions so that you can see that this is not a legitimate software but rather a ruse to trick you into thinking it is. This is simply a trojan horse with a convincing app icon in order to trick you into thinking it is a legitimate program icon. As a result, Malwarebytes prevents the malware from being installed on the first attempt; I have to turn it off in order for the malware to be able to run in front of your very eyes.

In any case, the last time I installed this malware I noticed that GlassWire was running and informing me of my network activities. This time the malware is active, and the first step is to turn off my Windows Defender and GlassWire security software. The malware disables these two applications and fails to recognize that Malwarebytes is also an antivirus program. What a funny malware, hahaha. So let's allow GlassWire to load so that we can determine whether it is turned off or still operational. Clearly GlassWire has stopped functioning, and I am not the one who has caused this to happen. The malware took care of everything for me. What a caring malware. When attempting to reconnect, GlassWire fails because it has been blocked. In this case, I'm going to turn off the GlassWire firewall and try to execute the malware again without real-time protection enabled.

Currently I'm starting the virus installation process for a second time, so here is the loading screen for your convenience. The User Account Control is displaying us an orange backdrop, which indicates that the program is not very safe to install, and if you view the hidden information you will be able to see the installation route for the application. In the meantime, while I'm installing the virus, let me try to launch VirusTotal in order to scan the application that I'm installing. I have high hopes that it would work, but I have serious doubts because the majority of malware prevents you from accessing the internet. It is possible that it will take a long period to load. It's almost 10 minutes past 9, but still VirusTotal has not yet loaded since we started at 8:58 pm. I wonder what the malware is doing.

Yes, now the malware is loading some command prompts on this virtual machine. As you can see above the command prompt, the file is called setup.exe. This file is one of the many files that was dropped by this trojan dropper into my Temp folder. I cannot tell what is going on because there are no commands being displayed on the screen, but something is going on because GlassWire is off, and also Windows Defender is off. I wish GlassWire was on in order for you to see what is happening on my network, but it isn't; you will have to bear with [Music] that. As you can see, my Wi-Fi is also off. I'm not the one who disconnected it, because my host machine is having Wi-Fi but the virtual machine doesn't have Wi-Fi. That is the reason why VirusTotal is not loading: the malware turned off the internet and I did not notice.

Now here is where all the fun begins. The first thing that happens is Malwarebytes tries to inform me that my real-time protection is off, after which I try to load some other pages instead of VirusTotal: Typing Club, Type Race and Type Rush. I wonder why I cannot access the website, yet my Wi-Fi is on. Now the malware is crashing those websites and does not allow me to visit any other website until it's done with what it's doing. And I wonder what the malware is doing, because it's turning off my Wi-Fi and then turning it on. Maybe it's trying to set up things before it turns on the Wi-Fi and then downloads more trojans from the server of the hacker. And I was right, that is exactly what it was doing.

As you can see, I have my internet back and Malwarebytes is blocking stuff. But how is Malwarebytes blocking stuff, and I turned it off? This means it is not the Malwarebytes belonging to my virtual machine; it's my real Malwarebytes that is doing the job. Does this mean that the trojans are getting downloaded onto my real machine? I don't know. Maybe yes, maybe no. Let's continue and see what is going to happen. Malwarebytes is continuing to block more threats that are getting downloaded. I can't really tell if they are getting installed onto my real machine using my real Chrome, but I will gather some proof to what is happening.

As you can see for yourself, the malware first sets up what is going to happen and then turns on the internet, after which it contacts the servers of the hacker, which store even more malware. So this 4K Video Downloader is not what we are told; it's just a bunch of trojan downloaders. And what I'm suspecting is that all those executable files in my Temp folder are there for a reason. The reason is each one is going to download separate trojans from separate servers so that tracking down the hacker will be difficult. Maybe I'm wrong, but I think the more the executable files, the faster the hacker can gain administrative privileges into my machine, because they will be trying various kinds of malware within a short period of time. This is proof that the virus does not require your help in order to download other malware or to perform any other actions on your computer. What you have to do is run the executable and sit back and wait for your PC to be completely destroyed.

Already you've discovered that malware is operating behind your back and causing problems for you. Some of the hackers will try to conceal their activities, but these ones are confident enough to run command prompt in your faces because they know that you will be unable to remove them unless you act very quickly, which will be nearly impossible because they have already gained access to your computer. What I would recommend at this time is that you disconnect all of your gadgets from the internet, because they have the potential to send you a computer worm, and you will not be pleased with what will occur next. [Music]

As you can see, no matter how hard I attempt to google something in an incognito window, nothing will appear to happen. To do what it is doing, the malware requires peace of mind, and the only time you will have access to your computer is when it has finished. What a self-centered piece of malware. At the moment, I've been battling with accessing the internet and doing VirusTotal scans on the applications for an extremely long amount of time without success. I can't stop the infection from executing some files on my face, and I'm powerless to stop it because I want you to see what happens when you download the cracked software from the source like free for pc or crack for pc, which are both available online.

Now this is the point where you realize that the software that you were downloading didn't offer what you wanted. What they wanted was access to your PC, and then they lie to your face that the application could not start because you lack some piece of file. Warning to those who download cracked software: the application was not found because it was not there. What was there was the trojan that wanted to download more trojans from the internet and then lie to you that the application was not found. At this point the trojan's goal is to deceive you into believing that you are missing a file that is required for the software to function properly. For those who are not technologically knowledgeable, you will simply close the browser window and continue about your business. We'll seek for another crack and forget about the one that didn't work, but what you don't realize is that hackers are infiltrating your computer without your knowledge or permission.

As you can see, the trojan is attempting to get me to install a Microsoft file that is not there on my newly upgraded machine. Can Windows update my machine and then notify me that I have another update available soon after I install this app? Is this possible? It was only after the malware had completed its installation that I observed that an executable file named microsoft was dropped onto my computer, which I later discovered to be the malware itself that lies for an update, and what it does is download more malware while pretending to do an update. The scary part is that I could not see Microsoft telling me to restart the machine after this update. If this sounds too funny, clap for yourself, for you at least to understand some Windows operating system.

I chose to update my Microsoft operating system in accordance with the instructions that the hackers were sending me. The laptop crashed while I was in the middle of updating it, and I had to shut it down and restart it. The update pop-up did not appear again after the computer was restarted. This indicates that it had already completed its task at hand: its intention to download enough malware to make me a part of a botnet. Computers infected with a virus which allows hackers to take control of them are known as a botnet. Because their machines are not directly involved in the attack, they may be able to conceal the location during the attack.

Right now the malware is taking it easy within my virtual system, fooling itself into believing that I don't know. What I'm going to do is drag those executable files that have accumulated in my temporary folder, because the malware has forgotten to delete its tracks, to a safe location on my computer. As you can see, these files are being recognized by a large number of antivirus programs. I'm not going to say anything about; just pull them into VirusTotal and you have to keep an eye out for yourself.

Trojan injector is the generic detection moniker for malware that injects itself into other processes or files, used by Malwarebytes to identify malware that does this. This is an efficient approach of hiding from the average user because they will only see the regular active processes, which is what they are used to seeing. The next one is detected by 44 antiviruses. I'm not even continuing any further because that is enough proof. Now I want to go back to my real machine and confirm about the trojans that got detected by my real antivirus. By the way, the one detected by all these antiviruses was the setup executable file that we saw at the beginning of the video.

Trojan crypt is a highly intrusive adware application that is quite similar to another intrusive adware. It performs the following functions: additional malware will be downloaded and installed; make use of your computer to commit click fraud; keep a record of your keystrokes as well as the websites you visit; send information about your computer, such as usernames and browser history, to a remote malevolent hacker who will use it to commit fraud; allow remote access to your computer; advertising banners are injected into the web pages that you are going to be viewing on the internet; hyperlinks are created by converting random web page content into hyperlinks; pop-up windows appear in the browser recommending bogus updates or other software.

To save time, as you can see, I've already paused my virtual machine so that I can get back to my real machine, and my Malwarebytes has already been launched. To save even more time, we're going to jump right into the detection history so we can see exactly what was detected on my system and network. As you can see, there are a large number of detections today, which can be verified by comparing the date at the bottom of the screen to the date when the detection was made. In reality, a computer worm was discovered on the network, and it was manually halted from spreading by the network administrator, Malwarebytes. These are the IP addresses of the servers that were contacted in order to download trojans and computer worms, and you can see what they were. I'm not sure if the computer worm was attempting to spread into my host machine, but because Malwarebytes stopped it I can assume it was attempting to do so, because my host machine and virtual machine were both on the same network at the time of the incident.

Now let's try to connect to where the computer worm was getting downloaded from. Notice that I switched from my host machine to my virtual machine, because I don't want to risk my machine again. I will use the IP address and separate it from the port number using a colon. As you can see, I have Malwarebytes for Chrome installed in my virtual browser also, so the website is blocked, and that makes it a 70% probability that the worm was trying to spread to my host machine.

From Wikipedia: a computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. [1] It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behavior will continue. [2] Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on the law of exponential growth, thus controlling and infecting more and more computers in a short time. [3] Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. Many worms are designed only to spread and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these payload-free worms can cause major disruption by increasing network traffic and other unintended effects.

If I have a virus on my virtual machine, will the antivirus software on the host PC detect it? We have previously completed this task in collaboration with you. I hope you found this video to be beneficial. Consider sharing it with others who might be interested in seeing and experimenting with viruses within the virtual computer to see whether or not they will infect the host PC. Thank you for taking the time to watch. Subscribe for more. Bye. [Music]
Channel: Lifeen
Views: 326,970
Keywords: #malware #virtualbox #malwareanalysis
Id: gzwt73_3ZqA
Length: 20min 38sec (1238 seconds)
Published: Mon Jul 26 2021