I have read some threads talking about the safety of running malware in a VM. I found out that it may not be safe and there is still a risk. I would like to know specifically if running WannaCry, a ransomware, would actually mess up my real computer. Is this virus made that way? I want to know about one other. Will running MEMZ, a trojan, harm my computer? Any answer to either of these will help.
Possible duplicate of [How is the "WannaCry" Malware spreading and how should users defend themselves from it?](https://security.stackexchange.com/questions/159331/how-is-the-wannacry-malware-spreading-and-how-should-users-defend-themselves-f) – Serverfrog May 17 '17 at 15:13
5 Answers
First and foremost I would say that if you don't know how the malware works, running it in a VM is "a very bad idea™". The people who do this professionally are experienced malware analysts and reverse engineers who have quite a lot of knowledge and capability with the various virtualization and segmentation concepts that are required to actively run malicious code without letting it escape the sandbox.
There is a plethora of information and analysis available online.
- https://www.us-cert.gov/ncas/alerts/TA17-132A
- https://www.trustwave.com/Resources/SpiderLabs-Blog/WannaCry--We-Want-to-Cry/
- https://securingtomorrow.mcafee.com/mcafee-labs/analysis-wannacry-ransomware/
These resources should give you a basic understanding of how the malware appears to execute and spread.
If you were to build a VM and manage to introduce (infect) the malware into the guest system, it is entirely possible your host system could be compromised if you do not protect against the attack vectors and distribution mechanisms.
These are malicious weapons; by definition you cannot trust them to react in any way.
Once a malware becomes quite old and its code has been thoroughly studied in every direction and all lead to very well defined scope and behavior, then yes it may be safe.
But apart from that, either because the malware is too recent and not very well known, or because it is too advanced and complex to be fully reverse engineered, you should prepare yourself (and your environment) for any possibility.
I saw the clean MEMZ run in the VM without harming the host computer. Is clean MEMZ safe in a VM? But I also saw destructive MEMZ in a VM. They then showed their host computer and it was fine. Can someone at least post destructive MEMZ code just to make sure? I don't want to take the risk of downloading – Elliot King May 17 '17 at 14:25
MEMZ: If you run a 'regular' VM, then no, but if you run a VM sharing the host computer's files, then yes.
WannaCry: Also safe as long as you use a 'regular' VM. You don't need to worry about the internet connection anymore as no OS has the security issue allowing it to control your system any longer!
No, but if you have internet connection enabled, it could spread. I'm talking about WannaCrypt. Make sure you turn off internet connection otherwise it could spread.
It is safe to run MEMZ on a Virtual Machine, but if you were to run WannaCry please just please for the sake of the internet, disconnect the network card from your VM so it does not get to another PC and then another, etc.
Except that yeah it's safe!
Why is it "safe"? Do you have any references? How do you counter all the other answers saying that it is not safe? – schroeder May 22 '17 at 06:24
As most VMs share some network with the host, NAT or bridge, well, you are probably not safe! – M at May 24 '17 at 22:27
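
The answers above name two paths from guest to host: a VM that shares the host computer's files, and a VM whose network card is still connected (NAT or bridged). As an added example that is not part of any post on this page, the Python check below flags both in a VMware-style `.vmx` configuration. The choice of VMware, both sample configs, and the defaults noted in the comments are assumptions.

```python
import re

# Constructed sample .vmx settings (not from the page): a risky guest config.
RISKY_VMX = '''\
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet0.startConnected = "TRUE"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "/home/analyst/Documents"
isolation.tools.hgfs.disable = "FALSE"
'''
# The same guest with the network adapter and file sharing switched off.
ISOLATED_VMX = '''\
ethernet0.present = "FALSE"
sharedFolder0.present = "FALSE"
isolation.tools.hgfs.disable = "TRUE"
'''

LINE = re.compile(r'^\s*([\w.:-]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value}; keys are treated as case-insensitive."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def is_true(cfg, key, default="FALSE"):
    return cfg.get(key, default).strip().upper() == "TRUE"

def devices(cfg, prefix):
    return sorted({k.split(".")[0] for k in cfg if re.match(prefix + r"\d+\.", k)})

def audit(text):
    """List settings that leave a path from the guest to the host or network."""
    cfg, findings = parse_vmx(text), []
    for nic in devices(cfg, "ethernet"):
        # Assumption: an adapter that is present connects at power-on unless told not to.
        if is_true(cfg, nic + ".present") and is_true(cfg, nic + ".startconnected", "TRUE"):
            findings.append(f"{nic}: connected ({cfg.get(nic + '.connectiontype', 'unspecified')})")
    for sf in devices(cfg, "sharedfolder"):
        if is_true(cfg, sf + ".present") and is_true(cfg, sf + ".enabled"):
            findings.append(f"{sf}: shares host path {cfg.get(sf + '.hostpath', '?')}")
    if not is_true(cfg, "isolation.tools.hgfs.disable"):
        findings.append("hgfs: shared-folder channel not disabled")
    return findings
```

An empty list from `audit()` only means these particular settings are off; it says nothing about other guest-to-host channels or hypervisor flaws.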