Is it safe to use virtual machines when examining malware?

We want to study for the CEH program and have downloaded 12 DVDs, 6 of which are software key-loggers, Trojans, etc. that are all detected by antivirus. This prevents us from examining them and learning how they work.

I have instructed students not to uninstall antivirus as running these malicious files is not safe on its own. It might even spread on the network.

One of the students suggests using Windows XP mode. Is this safe? I see these articles 1 and 2 here but the answers are contradictory and confuse us.

Are virtual machines safe for downloading and installing Trojans, key-loggers, etc.?

Is there another way to solve this problem, e.g. set up a lab, to show what happens to victims of the malware?

Malware Analysis – Certifications vs Experience

I’m looking at learning more about Malware Analysis/Reversing for a future career in those fields, have 1-2 months free coming up, and was wondering what to do. I have a background in pentesting with the OSCP and I’m looking into the following certs/options:

  • GREM
  • OSCE
  • OSWP + Exploit/Malware experience

GREM of course sounds the most relevant, however I don’t want a cert that has to be renewed as I have another few years in university before starting work so it seems pointless to me, and too expensive.

OSCE I’ve heard is mostly about exploit writing and binaries, which I assume would be useful to learn first before going into reversing and malware analysis, and of course it doesn’t have to be renewed and is half the price of GREM.

OSWP of course is nothing to do with the area, but I was thinking of taking it just for an extra cert to add something extra to my resume. While I’m doing this I was going to spend the rest of my time reading books and researching exploit writing, reversing and malware analysis to try to cover as many parts from the OSCE and GREM, and try to get a CVE.

Although the last option covers a lot of different material I imagine it would look worse on a resume as the certification isn’t as challenging or relevant to malware/reversing. So from these options, or others if you have any, what do you think would be the best option?

Thanks

help eradicate malware

n00b here infected with a bootkit, i have never seen something like this before

i’ll ask some stupid questions

then…

i already learned some topics about firmware infection, mbr infection and uefi infection, tried to eradicate it but didn’t succeed

i start the os from a clean live cd (ubuntu), then execute

dd if=/dev/zero of=/dev/sd(X) 

because the malware is able to infect the MBR after the format ends, i disconnected the disk before it ends; it corrupts the partition table

i re-flashed the bios, disabled all onboard features except the usb controller

now i connect the hdd, boot again from a live cd and create a new table and partitions and install from scratch

… and the happy malware is still here

then my questions start…

can usb controller or devices be infected?

can hdd firmware be infected too?

where can i get a good point to start a research?

Should I send the infected sample to a lab?

any documentation or comment is welcome

sorry about my poor english, thanks for your time

sorry if someone gets angry because of this post

notes:

the malware gives root access to the owner

the malware poisons the entire local networks (dns and arp)

the malware connects and downloads “things” from the internet (everything encrypted)

rkhunter and clamav, totalVirus don’t detect anything

regards

Malware these days [on hold]

I was just browsing the internet and looking for some information for my diploma thesis, which has a cool name: ‘Malware these days’.

I’ve read a ton of info about this topic but I’m not really sure what to believe and what not. I’m not really experienced in this topic so I don’t know what the borders of malware are, what is the “hot” stuff these days, what the potential threats in the near future are, etc.

I have been checking youtube channels like Hak5, Seytonic, LiveOverflow but there is not a lot of info about malware. Sooo.. my questions are something like:

For the thesis – which books should I follow? Where can I get trusted info about today’s malware which I can use in my work? Or anything else I can use in it? Ideas?

If you guys can give me a brief overview about “hot” stuff, that would be awesome.

Thank you. Much appreciated. (:

How can I explain to our system admins that AV can’t protect our enterprise machines from malware that comes from USBninja?

Was hoping to get your support to help to explain to our system admins how come the AV can’t protect our enterprise from attacks that can be generated from USBninja. How can I explain to our system admins that AV can’t protect our enterprise machines from malware that comes from USBninja?

Can a website detect malware or virus present on device / PC?

I just got off the phone with an investment firm where I have an account. About a month ago, they blocked online access to my account due to “malware or a virus” found on my PC or device. Since we had been overseas for most of that month, and according to their logs the time when the “virus or malware” was discovered was roughly 1pm on March 29th (and we were already out of the country), that means that the number of devices we could have logged on with is reduced down to only 4 (two Android phones, an Android tablet, and an iPad). The time stamp would have been roughly 1am the following day in the country we were visiting, about 1-2 days after we arrived. After talking with the customer service manager for some length of time, there has been no activity in my account, other than payroll deposits as expected, so I don’t think anything untoward has occurred.

They refused to grant me access to my account until I’d had my devices / PC “professionally cleaned”. I have no idea how they’d be able to know I’d done this, besides I’m a computer professional, and I’m reasonably certain none of my devices are infected with anything. Once I’ve done this, they will change passwords and usernames, etc. to allow me access to the account.

What I suspect actually happened was me trying unsuccessfully to log onto the account from my tablet (I vaguely remember something like this happening right after we got there, but didn’t think much of it). I probably tried too many times and the account got blocked. Since I was trying from an out of the US IP address, this made it suspicious. That’s my guess.

My actual question is, is it possible for a given website to be able to detect that the log on attempt is occurring from a device that has a virus or malware on it? I don’t believe it’s possible for them to sniff my devices, but I figured you guys would know better than me.

How to detect a virus/malware missed by antivirus program

I was on an FB page and accidentally clicked an ad. Another window opened up and locked the browser with a background audio message, purportedly from MS, warning about a security compromise on my PC. Unplugged PC, restarted PC, working fine but found that history had been wiped off in both IE and Firefox. Ran McAfee, Avast, Fortinet and Malwarebytes, no detection. Is it possible there may still be some virus sitting in the system and evading detection by antivirus programs?

Found malware in my WordPress, what is it and what does it do?

Recently I found a strange file inside the WordPress sources directory of a page I have written and am maintaining. It was a lucky case. I deploy my sources from Git, so when I typed git status on a server I saw one new file.

Besides this file there were two database tables, wp_old_cache and wp_old_lcache, the first 2.5MB and the second one 25MB big.

Its source is here, along with SQL dumps truncated to 30 rows each.

https://gist.github.com/gitowiec/bae47ad4b34a68e3118b33e03603f2df

What is it and what is its name? What does it do to my WordPress installation? What software should I use to detect such security breaches in the future? I could scan my webpages from an ssh session.