As I was thinking to reinstall a Host Operating system (homesystem), I asked myself if the VMs running on the host shouldn't be deleted and reinstalled too. Assuming malware (backdoors) and so on could haunt inside the VMs.
Could the VMs be used to infect the Host System and is there a standard behavior on how to manage the VMs, e.g deleting or using backups (if the first) or reverse engineering?
I read also this topic here.
It is possible for the guest VM's to be infected if the malware either understands how to control the guest or there is a live connection between the host and guest - e.g using a "shared" drive or network drive.
The first is unlikely, the second is reasonably likely.
So if you can easily share data between the host and the guest, you should probably assume that the guest is compromised - assuming that it was running when the malware was.
It is theoretically possible that malware could also directly infect a virtual disk but again unlikely, I'm not aware of any.
If you are using VM's, it is common and sensible to take a snapshot of the VM and drives after initial setup. Write that to CD/DVD or pen drive and keep it offline until needed.
As for the VM infecting the host, the same logic applies.
If you want to experiment with malware on a VM, you need to ensure that there is minimal contact between the VM and the host. Don't share drives, don't have a shared network.
