Infecting a Virtual Machine

Hey everyone, I had a few questions regarding getting a Virtual Machine running Windows XP infected with malware. I'm creating a lesson for a high school hardware class and I have created three machines: a Windows XP Pro SP2 box with no updates, just a fresh install; another Windows XP Pro SP2 box, fully patched but with no security software; and finally a fully patched and protected machine. The point of the lab is to illustrate the difference and then have the students try to clean the infected machines using free tools like Ad-Aware, Spybot, HijackThis, etc. Anyway, I'm having trouble finding a way to get some malware on the machines. Any suggestions?
 
Cruise some warez and free porn sites and let IE install the various helpers and add-ins...
 
If you could find a couple sites that are classroom safe for content (not porn), you could have the students infect the machines themselves to illustrate how the protections of the patches and security software work.
 
Or better yet, you could craft a site that exploits some of the IE vulnerabilities so that you could control the experiment and illustrate specific examples.
 
Place the virtual machines in the DMZ of your home router. Shouldn't take long, especially if your ISP does little port filtering.

Just to really make the point, I'd do an XP SP2 machine with the firewall off.

Your students might find Microsoft's "Strider Honeymonkey" entertaining as well. http://research.microsoft.com/HoneyMonkey/
 
Just search for like free screen savers and download a bunch of them. A lot of those sites bundle adware with them. You can also do the same on those free game sites. I'd also install a bunch of those random search bars as well. Between all of that you should get it kinda messed up.
 
It seems like everyone just suggests browsing porn or warez sites. I really can't do that while in the classroom. I know this is actually how most malware spreads, but there must be a way to get a few machines infected in a lab environment.
 
I agree with the free screensaver idea, and wallpaper sites as well.


Of course, you could just download something from Kazaa :p
 
You're working with virtual machines.

Take them outside of your lab environment to infect them. Then clean them in your lab environment. It should be easy enough to get infected without having to browse any sites that would leave behind objectionable content.

A machine way behind on its patches will be infected within minutes of being attached to the Internet in a DMZ. Particularly if the machine is not running a firewall.

If you are wanting to take your students through the infection process in real-time in a controlled environment, Metasploit would be a good way to go to see how exploits work, but it won't result in an actual infection...
 
Just visit all of the keygen and cracks/warez sites. They install all kinds of crap.
 