By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here. - Internet Anti-Fraud Center - now open!

 Safe baiting with virtual machines

View next topic
View previous topic
Post new topicReply to topic
Author Message
Baiting Guru

Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.

PostPosted: Tue Mar 23, 2010 10:49 am Reply with quoteBack to top

I'm not sure if anybody will find this useful, but hey it's free. Smile

There's been some talk on computer security lately, namely browser bugs and other security holes. I would like to introduce those with an elevated (=healthy) level of paranoia to the concept of virtual machines.

What is a virtual machine?
A virtual machine, in this case, is an entire PC that solely exists inside a piece of software on your computer. Think of it as one of those Game Boy or C64 emulators that enable you to play the original Super Mario Bros or Maniac Mansion games on your modern PC. Only that in this case, instead of a C64 you have another PC inside your PC.
We will use VirtualBox in this example, because it's free and available for all popular operating systems. Other popular products are VMware, QEMU, Bochs or Virtual PC.

A real, unchanged Ubuntu installation (the 'guest OS') running inside a VirtualBox window on Windows XP (the 'host OS').

Advantages of a virtual machine

  • Flexibility. You want more RAM, a second HD, another network card? Click "edit machine" and choose the hardware you want to add/change.
  • Choice of OS: run Linux on a Windows machine, or vice versa
  • Snapshots: Take a snapshot, mess the operating system up to a point where the system won't even boot, click "revert to snapshot", system is reverted back to the state it was in when the snapshot was taken.
  • Cloning: set up one virtual machine, clone it twice, <wham> you've got three different virtual machines with identical setup.
  • Take your virtual machines with you. Create it on your desktop PC, move a few files to your laptop, use it on the road.
  • Isolation from your real environment: install as many trojans, virii, keyloggers, ... on your virtual machine as you like. They won't even see your real PC or the files on it. Later you can revert the virtual machine to a clean snapshot and it'll be like all the malware was never there.
  • Isolation from the internet: right-click on the network icon and click "disconnect" to pull your virtual machine's network cable.

Virtual machines for baiting
While virtual machines help fight all kinds of paranoia, they're extra useful for baiting:

  • Additional protection against malware (see above)
  • No real-life information on the VM (create one machine per bait if you like)
  • Play with different browsers, settings, bookmarks; make everything as baiter-friendly as possible without affecting your real-life machine

How to get started
To make things easier for you, I've prepared a virtual machine. It's based on Ubuntu 9.10 32bit and should run fine on any hardware not much older than two or three years. It's up to date with patches and Firefox and Opera have been pre-configured.

  1. Download and install VirtualBox for Windows, Linux or Intel Macs
  2. Download and extract my pre-configured virtual machine: Switzerland server, US mirror (warning: the file is 1.4GB in size)
    You should get two files, Baiter1.ovf and a huge file with lots of numbers in the file name.
  3. If you can't open the .rar file above, download and install WinRAR or 7-Zip
  4. Start VirtualBox and click File --> Import Appliance
  5. Open the .ovf file you've just extracted. VirtualBox now imports the virtual machine, this will take a few minutes.
  6. Back in the VirtualBox main window, there should be a virtual machine called Baiter1. Select it and click Start.
  7. Congratulations! Have fun baiting. If you mess anything up, repeat steps 4 and 5.

While virtual machines are a wonderful way to protect your computer, remember that an infected virtual machine can still use your internet connection to send spam, sees your local computer network and has access to your clipboard.
Theoretically it's also possible for bugs in VirtualBox to allow malware on the virtual machine to step out of the sandbox and attack the host system. However, if such a hole exists, the malware would still need to be crafted especially for your configuration of host and guest OS and probably require root/admin access there.

Whoever said you can't touch happiness has never petted a dog.

Elite Ninja Team Member Easter Egg 2012 Goat Golden Goat Purple Flower Penguin
(United States United Kingdom Benin China Nigeria) x10 __ x?
View user's profileSend private messageSkype Name
Display posts from previous:      
Post new topicReply to topic

 Jump to:   

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

E-Mail Header Analysis

All Content © 2003 -
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT