Will I infect
#1
Posted 11 March 2010 - 12:52 AM
If I download some Malware for reverse-engineering and subsequent analysis on my Ubuntu machine - am I putting any Windows machines on the network at risk?
#2
Posted 11 March 2010 - 01:36 AM
Your Windows network computers should have their Antivirus and AntiMalware programs up to date and live protecting.
Plus have all Windows Security Updates and Service Packs completed. And firewall on.
#3
Posted 11 March 2010 - 09:25 AM
#4
Posted 11 March 2010 - 09:47 AM
#5
Posted 11 March 2010 - 03:56 PM
Yes Malware can spread across the network in Windows
Your Windows network computers should have their Antivirus and AntiMalware programs up to date and live protecting.
I have to disagree with this... How is something that can't execute going to spread? I have seen numerous failed attempts of running Windows malware via WINE...
Another thing is that a virus, by definition, is not self-spreading.
Although, I still feel that you should be doing this in an isolated lab environment, "just in case".
Set up your Linux box on its own VLAN (if you don't have one, get a VLAN-capable switch used). Set policies so that your Linux box cannot talk to Windows hosts.
In my opinion it's pretty safe to analyze malicious code on your Linux box. Open it in a hex editor, run it through something like Evan's Debugger, just have fun. You're much more likely to get something from simply browsing around the Internet on your Windows box. Even legit sites like the New York Times have reported to have ads that distribute malicious code.
Plus have all Windows Security Updates and Service Packs completed. And firewall on.
I agree that many forms of malware exploit old, well-known, and patched vulnerabilities. However, this isn't going to stop those 0day exploits from hitting (like the current "don't hit F1" fiasco).
One last time to make it clear. Even though I dispute that a binary file that can't be executed can spread to another host on a LAN, I still highly recommend an isolated lab environment.
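An added example, not part of the thread: a static check in the spirit of the last post's point about binaries that cannot execute, which reads only a sample's header bytes to tell a Windows PE from a format a stock Linux kernel would load. The function names and the constructed header-only samples are assumptions made for this illustration.

```python
import struct

PE_MACHINES = {0x014C: "x86", 0x8664: "x86-64", 0xAA64: "ARM64"}
ELF_MACHINES = {3: "x86", 62: "x86-64", 183: "ARM64"}


def classify(data: bytes) -> dict:
    """Identify a sample's format from its header bytes; nothing is executed.

    'kernel_loadable' means a stock Linux kernel has a loader for the format
    (ELF, #! scripts). A PE is only runnable if Wine or a binfmt_misc handler
    has been set up on the analysis box.
    """
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian
        (machine,) = struct.unpack_from(endian + "H", data, 18)  # e_machine
        arch = ELF_MACHINES.get(machine, hex(machine))
        return {"format": "ELF", "detail": arch, "kernel_loadable": True}
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # PE header offset
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and e_lfanew + 6 <= len(data):
            (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
            arch = PE_MACHINES.get(machine, hex(machine))
            return {"format": "PE", "detail": arch, "kernel_loadable": False}
        return {"format": "MZ", "detail": "no PE header", "kernel_loadable": False}
    if data[:2] == b"#!":
        first_line = data[2:].split(b"\n", 1)[0]
        interp = first_line.decode("ascii", "replace").strip()
        return {"format": "script", "detail": interp, "kernel_loadable": True}
    return {"format": "unknown", "detail": None, "kernel_loadable": False}


def constructed_samples() -> dict:
    """Header-only byte strings built for this example (not real malware)."""
    pe = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    pe += b"PE\0\0" + struct.pack("<H", 0x8664)
    elf = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack("<HH", 2, 62)
    return {"pe": pe, "elf": elf, "sh": b"#!/bin/sh\necho hi\n", "txt": b"hello"}


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, classify(blob))
```

A result of `kernel_loadable: True` marks the samples that deserve the isolated lab most, since those are the ones the analysis host itself can run.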