[MS-Free]

I'm not really sure which forum this best belongs in.

If I download some Malware for reverse-engineering and subsequent analysis on my Ubuntu machine - am I putting any Windows machines on the network at risk?

[Advertisements]

Yes Malware can spread across the network in Windows
Your Windows network computers should have their Antivirus and AntiMalware programs up to date and live protecting.
Plus have all Windows Security Updates and Service Packs completed. And firewall on.

[kimsland]

Yes Malware can spread across the network in Windows
Your Windows network computers should have their Antivirus and AntiMalware programs up to date and live protecting.
Plus have all Windows Security Updates and Service Packs completed. And firewall on.

[MS-Free]

Okay, that's what I was wondering, and what I was slightly worried about. Just let me make sure I understand correctly: Even though it won't stick to a Linux machine, it can still make the jump across the network and (potentially) infect a Windows machine, correct?

[sari]

Playing with malware on networked machines is never a good idea. Even downloading malware to a VM on a Windows machine is not a good idea, as there have been instances where it has escaped and crossed over to the regular OS. However, the best bet would be to follow the advice you've been given elsewhere and hold off on this until you've advanced more. I don't understand the eagerness to put the cart before the horse.

[Titan8990]

Yes Malware can spread across the network in Windows
Your Windows network computers should have their Antivirus and AntiMalware programs up to date and live protecting.\

I have to disagree with this... How is something that can't execute going to spread? I have seen numerous failed attempts of running windows malware via WINE...

Another thing, is a virus, by definition, is not self spreading.

Although, I still feel that you should be doing this in an isolated lab environment, "just in case".

Setup your linux box on its own VLAN (if you don't have one, get a VLAN capable switch used). Set policies so that your Linux box can not talk to Windows hosts.

In my opinion its pretty safe to analyze malicious code on your Linux box. Open it in a hex editor, run it through something like Evan's Debugger, just have fun. Your much more likely to get something from simply browsing around the Internet on your Windows box. Even legit sites like the New York Times have reported to have ADs that distribute malicious code.

Plus have all Windows Security Updates and Service Packs completed. And firewall on.

I agree that many forms of malware exploit old, well known, and patched vulnerabilities. However, this isn't going to stop those 0day exploits from hitting (like the current "don't hit F1" fiasco).

One last time to make it clear. Even though I dispute that a binary file that can't be executed can spread to another host on a LAN, I still highly recommend an isolated lab environment.