
Can a malware bypass a virtual machine?

Is it possible? Even with Guest Isolation turned off can a malware bypass a virtual machine? I've been playing around with malware (mainly trojans, keyloggers and adware) for around 3 months now and my host system seems fine. I always scan with mbam both safe/non-safe mode. Obviously I have a system image backup in case something happens.


Depends if the hard drive was partitioned. If not, it could potentially lead to problems, but either way I am certain you should be fine. What are you messing with anyway?

Just different types of malware, curiosity I guess and how they behave inside a non-protected system. Adware seems to be the most annoying out of them as pop-ups are everywhere, keylogger just sits in the background recording information as I can see it sending data under "Resource Monitor". Scamware/system hi-jack or whatever they're called looks the most "scariest" since I could literally not do anything to the virtual machine and had to revert to an earlier snapshot.


If the disk is not partitioned or separate from your Windows installation, malware might (small chance) be able to infect your system. It is usually impossible to get out of a virtual machine, unless you have some sort of connection between your host machine and the virtual machine.


Is it possible? Even with Guest Isolation turned off can a malware bypass a virtual machine? I've been playing around with malware (mainly trojans, keyloggers and adware) for around 3 months now and my host system seems fine. I always scan with mbam both safe/non-safe mode. Obviously I have a system image backup in case something happens.

It really depends on the malware; sometimes even with virtual machines it could infect your main system. Ransomware does that a lot.


If the disk is not partitioned or separate from your Windows installation, malware might (small chance) be able to infect your system. It is usually impossible to get out of a virtual machine, unless you have some sort of connection between your host machine and the virtual machine.

Hmm I see. Well the only connection between the host and guest is the network adapter drivers so that the guest can connect to the internet. I'm using VMware Workstation 10. To be more specific, Type 2 Hypervisor.


Is it possible? Even with Guest Isolation turned off can a malware bypass a virtual machine? I've been playing around with malware (mainly trojans, keyloggers and adware) for around 3 months now and my host system seems fine. I always scan with mbam both safe/non-safe mode. Obviously I have a system image backup in case something happens.

Easily. A malware or trojan can bypass your Windows firewall VM shells even if it's off but USB and LAN power is on, like many people leave computers these days using ErP off on Asus and Gigabyte On/Off Charge.


The only avenue to infection that I can think of would be VMware's integration features, possibly, but very unlikely if we're trusting that they made Workstation without any holes. Assuming you took all other precautions that is, sounds like you did.


Short answer: probably not but it's possible.

 

Long answer: For all intents and purposes a virtual machine is a distinct entity... "Partitioning" has nothing to do with it...

 

That said, all mechanisms by which malware and viruses typically spread within a LAN apply... file shares and any other form of file transfer between machines (emailing files to yourself, backing up to a third shared volume, etc.). If, for example, you were to mount a folder from your guest OS on the VM, the malware could spread to that folder, and if you accessed it on the host OS it could infect the host.

Some hypervisors will mount the host drive inside the guest automatically (VirtualBox used to do this) using their integration tools if you select some option in the setup... So on the guest go into Start -> Computer and just make sure there's no mapped drive back to the host. On both the host and the guest I would also take a trip into "Control Panel\Network and Internet\Network and Sharing Center\Advanced sharing settings" and disable network discovery.

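Added example (not part of the original thread, and not VMware's own tooling): the integration features and shared folders discussed in the replies above are recorded in the VM's .vmx file, so a host-side check can list which host-guest channels a lab VM still has open. The sample .vmx content and its paths are constructed, and treating a missing connectionType as bridged is an assumption.

```python
import re

# Constructed sample .vmx (not from the thread); names and paths are made up.
SAMPLE_VMX = r'''
displayName = "malware-lab"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "C:\Users\lab\samples"
isolation.tools.dnd.disable = "TRUE"
'''

LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse key = "value" lines into a dict; keys are lower-cased."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def is_true(cfg, key):
    return cfg.get(key, "").strip().lower() == "true"

def open_channels(cfg):
    """List host<->guest channels that the config leaves open."""
    found = []
    # Guest Isolation options: report anything not explicitly disabled.
    for feature in ("copy", "paste", "dnd"):
        if not is_true(cfg, f"isolation.tools.{feature}.disable"):
            found.append(f"{feature}: not explicitly disabled")
    for key in sorted(cfg):
        m = re.fullmatch(r"(sharedfolder|ethernet)(\d+)\.present", key)
        if not m or not is_true(cfg, key):
            continue
        kind, n = m.groups()
        if kind == "sharedfolder" and is_true(cfg, f"sharedfolder{n}.enabled"):
            path = cfg.get(f"sharedfolder{n}.hostpath", "?")
            found.append(f"shared folder {n}: host path {path} is exposed to the guest")
        elif kind == "ethernet":
            # Assumption: a missing connectionType is treated as bridged.
            mode = cfg.get(f"ethernet{n}.connectiontype", "bridged")
            found.append(f"ethernet{n}: connected ({mode})")
    return found

if __name__ == "__main__":
    for item in open_channels(parse_vmx(SAMPLE_VMX)):
        print("OPEN", item)
```

An empty result means the config file shows no clipboard, drag-and-drop, shared-folder or network path; it says nothing about flaws in the hypervisor itself.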

It could be possible, it depends on which VM you use, how it implements virtualization and how well it was programmed. It is theoretically possible to break out of a VM.

Just assume that as two things run on the same physical machine, or are even just physically connected in some way, they can infect one another.
