05-26-2012 02:27 AM
Today I was testing Quick Heal Antivirus Pro 2012 on my Virtual Machine running Windows 7 Home Basic. When I opened a malicious url on the virtual machine, Norton Internet Security 2012 installed on my host machine triggered a warning that an intrusion attempt had been made by the infected url. Can this malicious url (or any other malicious url) attempt an intrusion attack on my host machine when the url is run from my virtual machine? I also want to know why Norton alerted me about this intrusion. It has never alerted me before about any malicious url that is run on my virtual machine.
I have attached the infected urls which have been run from my virtual machine and have triggered Intrusion alerts from Norton Internet Security 2012 on my host machine.
05-26-2012 05:37 AM
Malware run in a virtual environment can even infect the host system.
05-26-2012 06:05 AM - edited 05-26-2012 06:18 AM
I posed a similar question last month which generated a lot of input and comments about running NIS on the host machine and if it protects the virtual machine as well.
In particular, see DaveH's post at the bottom of page 2. It explains the Shared Networking (NAT) option setting and its effect on the VM.
I just tried the first URL in your text file using IE8 from within Windows Virtual PC XP Mode and NIS 2012 running on the host (Win7 Pro SP1 x64) caught the threat and blocked it. It never even got to the VM where I have MSE installed and running.
05-26-2012 05:42 PM
I have tried one of the files. On starting it, the program (in Asian) goes about downloading files, so for one thing it doesn't matter if done in VM or not: the same PC hardware is used to connect and download, which Norton is monitoring even outside VM. Bang, Intrusion Prevention notices the network use and downloading (or attempt).
05-30-2012 09:35 AM
What if I use Sandboxie and sandbox the browser from which I am downloading the malicious software? Even if Norton detects an intrusion, the malicious program cannot really harm the host machine nor the virtual machine. Can malware also penetrate sandboxing protection?