A couple years ago I fell for one of these emails on an old channel from some one pretending to be from a mobile game. After opening it, within a few hours my channel had been converted into some fake scam uploading videos about cracked editing softwares trying to spread the trojan to my audience. It was a pain to get the channel back as pretty much all my emails had been hacked and I had no proof of even owning the channel 😂. I had to completely wipe my computer and go through tons of email recovery steps. It's crazy how they're still around, and it's a good thing you made a video about this as you probably saved at least a couple youtubers from falling for it.
Running suspicious software in a VM helps but doesn't completely remove any risk. The virus could steal any credentials present in the VM and potentially probe at your home network if you don't have it isolated.
This part {something|something else} is actually spintax, not personalization. It randomly picks one of the options inside the squiggly brackets (separated by a pipe), making the text unique enough that it doesn't trigger spam filters. Btw - in virtualbox you could also create snapshots and revert back to one pre-test, this way you dont need to delete and re-clone the installation.
Hey Bog, this is hilarious, I got a recent email just like this. You did well turning this into a video to educate people. Because I installed it and now everyone know my true identity and Gotham will never be safe again.
I want you to know that this happened to my mother and I had to restart the PC from scratch and look for the programs and office keys to get it working again.
QEMU/KVM is rarely detected, because VirtualBox and VMware are the most popular VMs out there. btw, even in VBox & VMware you can via Registry Editor, I believe, edit sys info so that it would look like to malware that it's a real PC
@@uzzybuzzy-t5h Polish domain (.pl) doesn't require you to have a polish citizenship. Also the information provided by WHOIS is supplied by the owner of the domain (it's whatever was used on domain's purchase), VPN has nothing to do with that.
Running Procdot to capture all system changes in a network isolated environment, or even better, running it in a cloud SAAS like joesandbox could be a really cool follow up video! Following the exfiltration of whatever the bad actor/hacker wanted in a safe environment is always a blast, plus seeing what happens as a granular level is super cool! Awesome video!
More than infecting your router they can take the public IP from the internet connection of the pc, taking public informations. Most "routers" that we use in our houses do not have any computation power and decision making capabilities, everything is done by the ISP. In general yes tho, it's better to disconnect the internet connection from a virus testing virtual machine
@@norav69 The greatest risk I see is if you have a router with the default password the malware might be able to log into it and turn on port forwarding on your devices, then send your IP to an attacker, so if you then ran a service thinking it'd only be accessible locally, you might end up exposing yourself to the internet
@@norav69 Oh no they can take my PUBLIC ip whatever are they gonna do Yeah nothing that's right Network access might start becoming dangerous if you have fully unprotected devices like a camera or a washing machine on your network But let's be honnest most viruses you get are just interested in grabbing your passwords and access token
9:04 it's not "HTML". H here stands for 'heuristic' and ML means machine learning. Means this virus was detected not by checking it's signature but by scanning its behavior using machine learning (AI).
good thing you oppened the trojan in a virtual machine. BUT I don think you have properly isolated virtualbox! You might have to check your main desktop! it might have leaked! Be safe!
@toreopp this is true, he ran the file on his vm. But he didn't completely isolate his vm from his host machine by disabling all network connections. Most viruses can escape the vm by hopping to the host machine through the network.
protip: don't keep cloning the machines, use snapshots! you take a base snapshot, then do shady stuff, and revert back to previous snapshot, it's pretty simple
As long as it is a cookie cutter trojan and windows defender is on it is no big deal. It gets dangerous when it is tailored for your device and antivirus doesn't detect it.
"Now imagine if I opened this on my actual computer, not a virtual machine." Your Windows Defender on your actual computer would have blocked and quarantined it as well.
nie wiem dlaczego, ale byłem przekonany, że oglądam Polski film a nie angielski, więc mnie to nie zdziwiło, czy ja już naprawdę nie odróżniam Polskiego od Angielskiego?! 😂 POLSKA GUROM 🇵🇱
Bro I'm from India 🇮🇳 and Zomato is an Indian food company.... It doesn't work outside of India .... Why Zomato would promote anything outside India 😂😂 .....
this stuff is fascinating, seeing how security is exploited in different ways across different operating systems. particularly in windows and how its able to regen itself. so interesting
Hi, I also got exact same Zomato impersonating email. Same text. And same second reply. At approx same time as you. I also realized something is off, when I saw the email itself. Then after downloading and seeing the exe file, I became sure. I did not even extract it. I think the ploy here is to get the login/password details of youtubers. Maybe possible to copy a Chrome session that has the user already logged in? I had put a hidden mailtracker in my reply to their last email. And they did not even open the mail to check what it is about!
Windows has a optional feature called "Windows Sandbox". It does exactly what you did with your clone of a clone of a virtual machine, where it gives you a disposable virtual Windows Machine. Its pretty good & safe and doesn't use as much space as VirtualBox.
Regarding the unattended file, it’s a cool feature for most people as it will setup Windows for you automatically without any user interaction (hence, unattended). The reason you get the license key error is when you are adding new VM you did not add a license key. You can use KMS Generic key which you can get from Microsoft documentation and put it in during VM creation. On the other hand, if you want to set it up manually, just check “Skip unattended installation” when creating VM. *Unattended installation is quite common in most type 2 hypervisors (Virtual Machine software) like VMware Workstation and Parallels, and for most major OS, so it’s quite easy to setup a VM with minimal effort. Another few things I would like to mention is you can learn more about snapshotting in VM, so you can avoid the part where you delete and clone your VM. Also you don’t have to remove floppy to solve the mount error, it is complaining no bootable device found is because you didn’t press any key when booting from the ISO.
"Que gameplay incrível do novo EA FC 25, mano! 👏🔥 A forma como você controla o time é impressionante, parece até que o jogo fica mais fácil nas suas mãos! Adorei as jogadas e as finalizações, tá jogando como um profissional! Bora ver mais dessas partidas insanas! 🚀⚽
you can also do this with Triage, it's what NTTS uses, and it's a website that gives you a x/10 score on how bad the malware actually is, virustotal is also a pretty good scanner
@@WindowsDestroyerIf you're thinking of exploits capable of escaping a network isolated VM, yea, no, those exploits go for millions, they ARE NOT going to be used on a YTber
If you create a Linked Clone (this a snapshot that appears like a unique VM referencing the other) or a snapshot fork (checkpoint via the snapshot manager) you can reduce the VM's footprint by a lot. Utilizing checkpoints allows you to roll back the changes you made for the purpose of testing. Alternatively, if you enable the Hyper-V / Windows Sandbox in Windows Features, you gain access to a temporary VM clone built into Windows, it's a tad quicker to spin-up / get into, and can perform better.
From windows 11, You can use Windows Sandbox, which is essentially a VM for these files, It under the hood uses HyperV and is usually more performant than virtualbox
Well done, sir. I would have also had some suspicion regarding this “company” (3.18 USD is hopefully _not_ a stock price you’d want to have) but the way you also handled the rest was truly remarkable. Wishing you luck in your other financial ventures
you know what, I was more interested in the Mac version of virus in the last email as it's a bit unusual. I downloaded it, and quick check of strings showed that it's definitely a stealer. Will try to reverse it later
well, just an upload to VT showed it's AMOS stealer (not 100% sure, maybe wrong detection & could be something different). So it seems that it's nothing incredibly new, but still interesting
even if it was an ad it is the best ad , i already use this application from time to time , but instead of some simulating montage you gived us a big lesson
You can also just use Windows Sandbox if you got Windows 11 Pro. Maybe set up a read-only shared folder and disable vgpu and networking before messing with malware.
I would recommend always turning off network connection from the virtual machine. As this way the malicious codes can infect your wifi and other devices connected in real-time.
When playing with viruses in a virtual machine, it's better to do it from a machine you don't care about like a home lab. Some viruses can and do escape containers. Please turn off your network adapter on the VM and any sharing features between the VM/Host. Snapshots also work better than cloning and are way faster - just make sure you restore to the snapshot every time you boot the VM. A good test box would be a linux host virtualizing Windows, and if you can nest your machines that'll also work but just remember - work like each layer you try to contain can be breached.
First off, this is a super awesome video. And second, I truly believe that vigilance against social engineering and phishing needs to be higher than it ever has, and this video highlights exactly the reason why.
I almost lost my steam account to a similar scam a few days ago. Only realised there was something fishy going on before typing in the sms verification code
I almost lost my steam account by some person pretending to be a steam admin and that I was about to get banned. I didn’t fall for it I only gave him my email and he wanted verification code, but when I checked email to change password. Which made me suspicious. He has my email though and is that a problem?
OH MY GOSH. THE TWO ERRORS HE JUST GOT WHEN HE MADE THE VM WERE THE EXACT 2 THAT I GOT AND SPENT OVER A MONTH TROUBLESHOOTING AND RESEARCHING THINGS. THEN THIS ISN'T EVEN RELATED TO IT AND FIXES BOTH ERRORS IN THE SIMPLEST WAY POSSIBLE!
This is actually something ive thought about over the last like 4 years, when I was getting into streaming and doing YT on another channel I started to wonder how RUclipsrs/streamers/people on social media keep their accounts safe when companies or people email them for promo or to collab, or even just send a link to a YT video that might redirect them if they dont know better to check the link. Some of the people I follow on IG have posted "Email this email videos or a written statement to why you should" and so on, and I thought what if someone just hates that person and sends a fake word document and they just open it on their PC or phone and they just start stealing their shit?
Nice informative video. I didn't know influencers get this much malicious activity in their mailbox. Interesting to see. Just a few notes regarding the video: 1) As others said, simply running a malware on a VM (although typically safe) it can bypass it or tamper with ur network. Best practice is to do it on a complete "dirty" machine and in isolated VLAN (although there is also vlan hopping as an issue but hard to do) 2) Checking the URL when clicking a link is also a good practice but not 100% safe as they can use cyrillic or greek alphabet letters which are similar to latin alphabet. 3) Mail address domains can be spoofed so even if you receive an email from a legit looking domain it probably has a different "Reply To" address (something that cannot be seen with the average email client
@@itsTyrion I mean depends on the type of organisation u are. Most of the ones I know use outlook which it doesn't show without modifications. And outside of professional environments Gmail, yahoo etc are the average clients which also don't show it
Windows: We have a sandbox preconfigured, optimsed and ready to use at any moments Bog: I rather use a 3rd party software with all the disadvantages 😭😭😭😭
Once someone dmed me on Discord, tried to get me to go on a SCAM Roblox website and join their group for “free robux” (they didn’t have any group funds.) And I knew it was a scam, because 1. I was logged out. 2. The Roblox logo was swapped with the charts button.
This looks to be the same thing that got Linus Tech Tips' channel hacked a while back. I can definitely see this working on those less tech savvy (and a virus windows defender has not seen before)
hi! I love your video's and I have a sugestion for an upcomming one: A video where you compare some different browsers like firefox, chrome, edge and opera and then discuss what you find important in a browser and give points to them all! Maybe I'll see it comming!
These can sometime just install a powershell script and add it to your Task Scheduler. Which makes the powershell script run every time you restart. I was affected and had to delete the task from the task scheduler.
there is inbuild windows virtual machine, which cleans everything as soon as you shut it down it is in "turn windows features on or off" and virtual machines hope it helps!!
When I heard you say "I noticed it was a exe file so I went to my windows computer open it" I almost had a heart attack haha. Glad your brained kicked in. I will say though, never rely 100 percent on a VM to be foolproof, as there are scenarios were the malware can escape the VM to your host machine. I would recommend uploading it to something like virustotal, which will not only let you know which antivirus' detect it as malware, but also run it in their sandbox and give you all the details about the files behavior. That way is as close to foolproof as there is.
the scammers could at least have obfuscated the beacons or whatever they're using lmao seems like they're using raw metasploit generated shells Also, windows defender works really well, and that alert about that i comes back is not exactly true, windefender usually confuses different trojans (like in this case, it was clearly a metasploit generated one) and the obfuscation of it is not that complex. The issue would come when they give you not a .exe, but a .bin that actually loads a shellcode directly on the memory (you can google that out if you want, there's a project on github named donut that converts .exe into .bin) meanig since it's directly loaded on the ram it completely bypasses windows defender. if it's on disk windows defender will easily mitigate it. Nice video! you won a cyber researcher follower :P
vegas is NOT an editing software. it's a bad attempt at one. it was good before magix bought it 💀💀💀. Also yeah, you would have gotten an email from Magix, not ... Sony Vegas PR or whatever.
@@FlushDesert22 yeah fair, I use resolve lmao. But in all seriousness, at least other softwares are stable most of the time... And dont require you pay an obscene amount every time you upgrade. Also Vegas just... Doesn't have much support anymore
It used to be great until whatever they screwed up. Anything I render on vegas either is littered with black frames or extremely pixely. Sticking with pirated premiere that runs on any machine post 2013 lol
4:05 Not always. There are some out there that can jump to the host machine. There are also plenty out there that will detect if they are in a VM and not actually do anything to hide what they really are.
Also, I just realised that you can reduce email spam by around 70-80% by scrolling back up to SMASH the like button
Hello. I eat rats. Are you a rat?
bet
💯
real!!
It worked
This turned from a video about viruses to an virtual box ad.
more like a Windows installation tutorial, which is crazy because the OS installer should not require one
thats the point
🗿
they deserve the promo
That's not the type of tool that would make any sense being advertised on youtube
A couple years ago I fell for one of these emails on an old channel from some one pretending to be from a mobile game. After opening it, within a few hours my channel had been converted into some fake scam uploading videos about cracked editing softwares trying to spread the trojan to my audience. It was a pain to get the channel back as pretty much all my emails had been hacked and I had no proof of even owning the channel 😂. I had to completely wipe my computer and go through tons of email recovery steps. It's crazy how they're still around, and it's a good thing you made a video about this as you probably saved at least a couple youtubers from falling for it.
Huge fan of your channel! Hope this never happens again
I remember this happened to an artist named sonadrawsstuffyt
Can you gimme a shout-out?
Plot twist: this whole video was a virtual box promo 🗿
bruhhh :-:
VMware is better
@@sauliusvitkauskas8741 Both are pretty good but still not 100% safe
@@sauliusvitkauskas8741 true
@@sauliusvitkauskas8741 No way lol. Broadcom sucks. Open-source FTW!
3:39 my bad for reading your folder names
Lol
I don't get it?
@@JosGeerink3:41
My bad, too.
why is the pfp a pic of someone on the moon
I live in india, Zomato is a legit company, and really big like doordash, this person is definitely pretending to be them.
same here, zomato doesn’t even work in europe.
I mean, definitely. He even showed the stock value of the company in the video, so it's real. Just like Sony Vegas is
ya dont say?
@@flipflops99 fr like bro saying it like it wasnt obvious they are prentended
It is a multinational company if I remember correctly
Congratulations on getting me to watch a 14 minute long ad for VirtualBox!
Running suspicious software in a VM helps but doesn't completely remove any risk. The virus could steal any credentials present in the VM and potentially probe at your home network if you don't have it isolated.
also often the software can detect a VM so you have to use qemu-kvm and trick it into thinking its not running on a VM, or hyper-v might work
are there any tutorials on this
@@randomgamingin144pcan you link a tutorial
Uhh if you run VMware the vm's network connection will be isolated
@@randomgamingin144p or sandbox
This part {something|something else} is actually spintax, not personalization. It randomly picks one of the options inside the squiggly brackets (separated by a pipe), making the text unique enough that it doesn't trigger spam filters.
Btw - in virtualbox you could also create snapshots and revert back to one pre-test, this way you dont need to delete and re-clone the installation.
Hey Bog, this is hilarious, I got a recent email just like this. You did well turning this into a video to educate people. Because I installed it and now everyone know my true identity and Gotham will never be safe again.
😭
Pack it up bruce wayne
@@MrBIizzard MY NAME IS THE HULK!
Well i hoped for some analysis of the virus like what it steal how it works etc.
Gotta engage knightfall protocol now
Edit: don’t forget about the 243 riddler trophies
I want you to know that this happened to my mother and I had to restart the PC from scratch and look for the programs and office keys to get it working again.
where did you get them?
I checked many sites and in the end I leaned towards BNH Software and in the end everything turned out well.
I asked you because lately I'm very distrustful of download sites
I think that's normal
Clarification on virtual machines: some clever viruses can detect and potentially even escape virtual machines (although the latter is rare)
That is what wacatac is doing, it first scans to see if its on a VM and if it is then it wont run any further malware
I mean 6 out of 100 malware can do this. Your just better off playing the unlucky jackpot if that happens. But some people use web virtual machines
QEMU/KVM is rarely detected, because VirtualBox and VMware are the most popular VMs out there. btw, even in VBox & VMware you can via Registry Editor, I believe, edit sys info so that it would look like to malware that it's a real PC
@@siphovundla5057 wacatac isnt even a malware lol. its the ai scanned malware.
@@woodcrafte_r VM escapes are very very rare and haven't happened in many years
"theres a .pl"
Ok so its Polish
"Its from the netherlands"
i was thinking the same think lol
thing*
as a polish person, i agree 😭
probably used a vpn
@@uzzybuzzy-t5h Polish domain (.pl) doesn't require you to have a polish citizenship. Also the information provided by WHOIS is supplied by the owner of the domain (it's whatever was used on domain's purchase), VPN has nothing to do with that.
Running Procdot to capture all system changes in a network isolated environment, or even better, running it in a cloud SAAS like joesandbox could be a really cool follow up video! Following the exfiltration of whatever the bad actor/hacker wanted in a safe environment is always a blast, plus seeing what happens as a granular level is super cool! Awesome video!
6:23 If there's spelling and grammar mistakes then there's definitely something wrong in my opinion.
yeah
Hey Bog if you see this, in the future DO NOT connect a ethernet cable or Wi-Fi they can infect your router.
More than infecting your router they can take the public IP from the internet connection of the pc, taking public informations. Most "routers" that we use in our houses do not have any computation power and decision making capabilities, everything is done by the ISP. In general yes tho, it's better to disconnect the internet connection from a virus testing virtual machine
@@norav69 The greatest risk I see is if you have a router with the default password the malware might be able to log into it and turn on port forwarding on your devices, then send your IP to an attacker, so if you then ran a service thinking it'd only be accessible locally, you might end up exposing yourself to the internet
@@norav69
Oh no they can take my PUBLIC ip whatever are they gonna do
Yeah nothing that's right
Network access might start becoming dangerous if you have fully unprotected devices like a camera or a washing machine on your network
But let's be honnest most viruses you get are just interested in grabbing your passwords and access token
@@fabienso5889 Can't wait for a virus to overtake random unprotected printeris
anyrun is a good way to do that stuff safely
9:04 it's not "HTML". H here stands for 'heuristic' and ML means machine learning. Means this virus was detected not by checking it's signature but by scanning its behavior using machine learning (AI).
What it was detected with ml because it said that was the detected file
good thing you oppened the trojan in a virtual machine. BUT I don think you have properly isolated virtualbox! You might have to check your main desktop! it might have leaked! Be safe!
He didn't run the file. He's fine.
i think it's just some cheap stealer, so nothing to worry about
@toreopp this is true, he ran the file on his vm. But he didn't completely isolate his vm from his host machine by disabling all network connections. Most viruses can escape the vm by hopping to the host machine through the network.
@@RealMol this is false.
@@RealMol They aren't able to escape, they can however gain access to unprotected devices on the network.
protip: don't keep cloning the machines, use snapshots!
you take a base snapshot, then do shady stuff, and revert back to previous snapshot, it's pretty simple
As long as it is a cookie cutter trojan and windows defender is on it is no big deal. It gets dangerous when it is tailored for your device and antivirus doesn't detect it.
"Now imagine if I opened this on my actual computer, not a virtual machine."
Your Windows Defender on your actual computer would have blocked and quarantined it as well.
but windows defender will not 100% protect you from these viruses.
7:57 Polish domain
Chciałem napisać 😅
nie wiem dlaczego, ale byłem przekonany, że oglądam Polski film a nie angielski, więc mnie to nie zdziwiło, czy ja już naprawdę nie odróżniam Polskiego od Angielskiego?! 😂 POLSKA GUROM 🇵🇱
POLAND MENTIONED ☝️☝️☝️☝️🦅🦅🦅🦅🇵🇱🇵🇱🇵🇱🇵🇱🇵🇱🇵🇱🇵🇱💪💪💪💪💪💪💪
Booting in a VM is sure safer EXCEPT WHEN THAT VM IS CONNECTED TO THE INTERNET!
0:29 nope, broken english = its a phish.
God I had such a crush on that pfp when I was a kid
Nice folder called "STOP READING MY FOLDER NAMES". Gotta love that!
9:38 this gives "I always come back" vibes
3:40 love the "STOP READING MY FILE NAMES" folder 🤣🤣🤣🤣
Bro I'm from India 🇮🇳 and Zomato is an Indian food company.... It doesn't work outside of India .... Why Zomato would promote anything outside India 😂😂 .....
So why are they trying to trick people into installing malware on their machines? Even worse why don’t they support Linux? /jk
It has many services outside India
They are outside India aswell...atleast in usa and use since like 2016
so its kinda like just eat/grubhub/uber eats but in india
@@ashishjadhao115 they have stopped operating outside india
5:46 You can also create a snapshot of the VM in VirtualBox and restore it after you're done, that way you don't have to have multiple VMs.
this stuff is fascinating, seeing how security is exploited in different ways across different operating systems. particularly in windows and how its able to regen itself. so interesting
10:03
Fun fact: if u have windows pro version, u can use windows sandbox too
4:33 insert vsauce music
Hahaha
DOCTOR WHOOOOOOOOOOOO
Just realised Zomato doesn't exist in other countries. Basically it's like doordash
W video, really smart to open the file in a virtual box :)
Hi, I also got exact same Zomato impersonating email. Same text. And same second reply. At approx same time as you.
I also realized something is off, when I saw the email itself. Then after downloading and seeing the exe file, I became sure. I did not even extract it.
I think the ploy here is to get the login/password details of youtubers. Maybe possible to copy a Chrome session that has the user already logged in?
I had put a hidden mailtracker in my reply to their last email. And they did not even open the mail to check what it is about!
Windows has a optional feature called "Windows Sandbox".
It does exactly what you did with your clone of a clone of a virtual machine, where it gives you a disposable virtual Windows Machine.
Its pretty good & safe and doesn't use as much space as VirtualBox.
"it's pretty good & safe"
someone has never encountered a piece of malware not coded by a 7 year old
@@johnandericadventures Please do show me this malware that can escape from an airgapped Hyper-V sandbox. Would be handy for taking down Azure
Regarding the unattended file, it’s a cool feature for most people as it will setup Windows for you automatically without any user interaction (hence, unattended). The reason you get the license key error is when you are adding new VM you did not add a license key. You can use KMS Generic key which you can get from Microsoft documentation and put it in during VM creation. On the other hand, if you want to set it up manually, just check “Skip unattended installation” when creating VM.
*Unattended installation is quite common in most type 2 hypervisors (Virtual Machine software) like VMware Workstation and Parallels, and for most major OS, so it’s quite easy to setup a VM with minimal effort.
Another few things I would like to mention is you can learn more about snapshotting in VM, so you can avoid the part where you delete and clone your VM. Also you don’t have to remove floppy to solve the mount error, it is complaining no bootable device found is because you didn’t press any key when booting from the ISO.
Man keep doing these,really loving your work so far
Cheers!
"Que gameplay incrível do novo EA FC 25, mano! 👏🔥 A forma como você controla o time é impressionante, parece até que o jogo fica mais fácil nas suas mãos! Adorei as jogadas e as finalizações, tá jogando como um profissional! Bora ver mais dessas partidas insanas! 🚀⚽
you can also do this with Triage, it's what NTTS uses, and it's a website that gives you a x/10 score on how bad the malware actually is, virustotal is also a pretty good scanner
Btw NTTS Means "No Text To Speech"
I was not expecting the spy jumpscare lmao. Great video!
Instead of cloning, you can use a snapshot to clone a vm at a point in time, so you can restore it back after running sketchy stuff
7:30 POLAAAANDDDDDD RAAAAAAAAAAAAHHHHHHHHH!!!!
yea
"woo, trojan virus ladies and mentalgen" 🤣🤣🤣🤣
Thank you for the very useful information.
I will password protect my zip files from now on.
Bog when he discovers some viruses are capable of escaping Virtual Machines
How?
@@AndRei-yc3ti exploiting the networking
Or some one could do just exploits with the hypervisor
@@WindowsDestroyerIf you're thinking of exploits capable of escaping a network isolated VM, yea, no, those exploits go for millions, they ARE NOT going to be used on a YTber
no one is risking a 0day for a 110k youtuber
I love that your videos don't have music. Very satisfying!
If you create a Linked Clone (this a snapshot that appears like a unique VM referencing the other) or a snapshot fork (checkpoint via the snapshot manager) you can reduce the VM's footprint by a lot. Utilizing checkpoints allows you to roll back the changes you made for the purpose of testing. Alternatively, if you enable the Hyper-V / Windows Sandbox in Windows Features, you gain access to a temporary VM clone built into Windows, it's a tad quicker to spin-up / get into, and can perform better.
Someone: sending an email to sponsor a company
Bog: ends up sponsoring/recommending oracle virtualbox😊
Interesting Video. Btw you can also use the Windows Sandbox. It automatically resets after you close the window.
From windows 11, You can use Windows Sandbox, which is essentially a VM for these files, It under the hood uses HyperV and is usually more performant than virtualbox
Yeah it's just a random window that when you close it goes like bye bye
7:41 poland mentioned!!!!!!!!
NETHERLANDS MENTIONED ASWELL!!! :D
I just realized it wasn't exactly a good thing... :(
Well done, sir. I would have also had some suspicion regarding this “company” (3.18 USD is hopefully _not_ a stock price you’d want to have) but the way you also handled the rest was truly remarkable. Wishing you luck in your other financial ventures
Try opening it without windows defender turned on
💀💀
Virtual machines are for cowards!
Could be a cool video idea if he gets some really old laptop for super cheap
he would get a trojan virus, nothing interesting
Please do an iWork vs Office. ❤ I've never seen anyone doing an in depth comparison between Apple and Microsoft in this area. Great videos. Thanks 👌
you know what, I was more interested in the Mac version of virus in the last email as it's a bit unusual. I downloaded it, and quick check of strings showed that it's definitely a stealer. Will try to reverse it later
yeah i thought he was going to show that one but he just showed the same windows virus twice 😒
Ok, I digged a bit deeper, it's something reeeally interesting. Will completely reverse it and I guess upload a video on what it is
well, just an upload to VT showed it's AMOS stealer (not 100% sure, maybe wrong detection & could be something different). So it seems that it's nothing incredibly new, but still interesting
even if it was an ad it is the best ad , i already use this application from time to time , but instead of some simulating montage you gived us a big lesson
You can also just use Windows Sandbox if you got Windows 11 Pro. Maybe set up a read-only shared folder and disable vgpu and networking before messing with malware.
it exists on windows 10 too
I would recommend always turning off network connection from the virtual machine. As this way the malicious codes can infect your wifi and other devices connected in real-time.
When playing with viruses in a virtual machine, it's better to do it from a machine you don't care about like a home lab. Some viruses can and do escape containers. Please turn off your network adapter on the VM and any sharing features between the VM/Host. Snapshots also work better than cloning and are way faster - just make sure you restore to the snapshot every time you boot the VM.
A good test box would be a linux host virtualizing Windows, and if you can nest your machines that'll also work but just remember - work like each layer you try to contain can be breached.
@@joytech23 Containers such as docker? Sure, VMs? Unless you're the target of a highly sophisticated government actor, not really.
@@Follina. Escaping a container (VM or otherwise) in an environment that isn't well prepared is actually pretty easy.
@@joytech23 Unless it's connected to your home network there is really not much you can do
I'm curious about this, but I can't find any reputable sources online. Do you mind sharing any sources/how you got this information? ^^
Yup I saw this happen once forgot what youtuber it was.
First off, this is a super awesome video. And second, I truly believe that vigilance against social engineering and phishing needs to be higher than it ever has, and this video highlights exactly the reason why.
I almost lost my steam account to a similar scam a few days ago. Only realised there was something fishy going on before typing in the sms verification code
I almost lost my steam account by some person pretending to be a steam admin and that I was about to get banned. I didn’t fall for it I only gave him my email and he wanted verification code, but when I checked email to change password. Which made me suspicious. He has my email though and is that a problem?
OH MY GOSH. THE TWO ERRORS HE JUST GOT WHEN HE MADE THE VM WERE THE EXACT 2 THAT I GOT AND SPENT OVER A MONTH TROUBLESHOOTING AND RESEARCHING THINGS. THEN THIS ISN'T EVEN RELATED TO IT AND FIXES BOTH ERRORS IN THE SIMPLEST WAY POSSIBLE!
12:28 yeeeesssss please!
This is actually something ive thought about over the last like 4 years, when I was getting into streaming and doing YT on another channel I started to wonder how RUclipsrs/streamers/people on social media keep their accounts safe when companies or people email them for promo or to collab, or even just send a link to a YT video that might redirect them if they dont know better to check the link. Some of the people I follow on IG have posted "Email this email videos or a written statement to why you should" and so on, and I thought what if someone just hates that person and sends a fake word document and they just open it on their PC or phone and they just start stealing their shit?
Nice informative video. I didn't know influencers get this much malicious activity in their mailbox. Interesting to see. Just a few notes regarding the video:
1) As others said, simply running a malware on a VM (although typically safe) it can bypass it or tamper with ur network. Best practice is to do it on a complete "dirty" machine and in isolated VLAN (although there is also vlan hopping as an issue but hard to do)
2) Checking the URL when clicking a link is also a good practice but not 100% safe as they can use cyrillic or greek alphabet letters which are similar to latin alphabet.
3) Mail address domains can be spoofed so even if you receive an email from a legit looking domain it probably has a different "Reply To" address (something that cannot be seen with the average email client
3) I'd say Thunderbird is pretty average and it shows it
@@itsTyrion I mean depends on the type of organisation u are. Most of the ones I know use outlook which it doesn't show without modifications. And outside of professional environments Gmail, yahoo etc are the average clients which also don't show it
Bro gave us a VM tutorial for a video about addressing a scam, props to you man 🗣
This video basically shows that Windows Defender works great and why it should be on at least sometimes 😁😁
5:36 whoo trojan virus ladies and mentelgen got me cracked up 😂
Windows: We have a sandbox preconfigured, optimsed and ready to use at any moments
Bog: I rather use a 3rd party software with all the disadvantages 😭😭😭😭
I wish im like you one day, youre knowledge in the internet is actually crazy!
14:00 AHH I ALWAYS FALL FOR IT
lol
Why did I Read the "Stop Reading My folder names" at 5:04 lol
Same
Once someone dmed me on Discord, tried to get me to go on a SCAM Roblox website and join their group for “free robux” (they didn’t have any group funds.) And I knew it was a scam, because 1. I was logged out. 2. The Roblox logo was swapped with the charts button.
Free robux in general is already a huge red flag
@@unnamed_fruit8 nah group funds is real
I will never stop reading your folders BOGGGGG
This looks to be the same thing that got Linus Tech Tips' channel hacked a while back. I can definitely see this working on those less tech savvy (and a virus windows defender has not seen before)
hi! I love your video's and I have a sugestion for an upcomming one: A video where you compare some different browsers like firefox, chrome, edge and opera and then discuss what you find important in a browser and give points to them all! Maybe I'll see it comming!
These can sometime just install a powershell script and add it to your Task Scheduler. Which makes the powershell script run every time you restart. I was affected and had to delete the task from the task scheduler.
This isn't really related to the video, but I loved noticing that you were using Posy's Cursors!
Reading the domain of the emails should have been where this video ended !
Thank you, was on my mind since seeing the first email.
This is pure torcher to watch on WIndows 11 with the default sounds
there is inbuild windows virtual machine, which cleans everything as soon as you shut it down
it is in "turn windows features on or off" and virtual machines
hope it helps!!
isn't that a pro feature or sth
Isn't it called Windows Sandbox?
@@sunsetsonwheels I think sandbox is for Windows 11 only
too much hidden humours!! i loved it!! *chef kiss*
How bro gets sponsored 😭 I never get
Verified jump scare💀
When I heard you say "I noticed it was a exe file so I went to my windows computer open it" I almost had a heart attack haha. Glad your brained kicked in. I will say though, never rely 100 percent on a VM to be foolproof, as there are scenarios were the malware can escape the VM to your host machine. I would recommend uploading it to something like virustotal, which will not only let you know which antivirus' detect it as malware, but also run it in their sandbox and give you all the details about the files behavior. That way is as close to foolproof as there is.
Thanks for letting us know. Yes we are sending spam emails to you! We will do it better next time thanks for pointing out the red flags!
not joke!
You admitted it's spam ,right to the spam folder never to be seen again.
5:38 TF2 Mentlegen reference!
5:37 "ladies and mental gen" ??
_Mentalgen_
😂😂😂😂😂😂😂thankfully im not the only one who heard that
01010010 01010101 01001110
Probably a reference to an old TF2 meme. Where spy's famous catch-phrase is reversed.
mentlegen.
*proceeds to smoke guaranteed-lung-cancer-worth amount of cigarettes*
the scammers could at least have obfuscated the beacons or whatever they're using lmao seems like they're using raw metasploit generated shells
Also, windows defender works really well, and that alert about that i comes back is not exactly true, windefender usually confuses different trojans (like in this case, it was clearly a metasploit generated one) and the obfuscation of it is not that complex. The issue would come when they give you not a .exe, but a .bin that actually loads a shellcode directly on the memory (you can google that out if you want, there's a project on github named donut that converts .exe into .bin) meanig since it's directly loaded on the ram it completely bypasses windows defender. if it's on disk windows defender will easily mitigate it. Nice video! you won a cyber researcher follower :P
Btw if you think something is a virus you should not run it in a local VM but on some online VM like Triage/AnyRun
Those also give you a lot of info about the file
You could collaborate with Eric Parker to disassemble the trojan. Could be very interesting :)
vegas is NOT an editing software.
it's a bad attempt at one. it was good before magix bought it 💀💀💀. Also yeah, you would have gotten an email from Magix, not ... Sony Vegas PR or whatever.
You're right... It's the best one.
@@SenseiYasir uhhh no
At least Vegas doesn't require a subscription to use, and a fee to unsubscribe.
@@FlushDesert22 yeah fair, I use resolve lmao. But in all seriousness, at least other softwares are stable most of the time... And dont require you pay an obscene amount every time you upgrade. Also Vegas just... Doesn't have much support anymore
It used to be great until whatever they screwed up. Anything I render on vegas either is littered with black frames or extremely pixely. Sticking with pirated premiere that runs on any machine post 2013 lol
4:05 Not always. There are some out there that can jump to the host machine. There are also plenty out there that will detect if they are in a VM and not actually do anything to hide what they really are.
5:04 "STOP READING MY FOLDER NAMES" is literally the funniest thing ive seen-
"stop reading my folder names" bro was determined💀
i would love it for you to review a Framework 16 laptop!
Good info with comedy at the same time😂✌
"STOP READING MY FOLDER NAMES" lmao
10:39 nice folder names
4:40 you could have used 7-zip
Boo fucking hoo
Nanazip better
Cap@@GoatedYoungThug
@@GoatedYoungThug what the fuck is "nanazip"???
@@GoatedYoungThugmeh i use whatever
@@GoatedYoungThug bro calm down I didn't know the freaking Nanazip police was here 💀💀💀