Infecting a guest machine with a virus..

[ZombieAndy]

Hello all, first of all I am new to the forum so I apologise if this post is in the wrong place or has already been discussed a million times before, I have searched but I couldn't find much on the topic.

I'm studying for my CISSP and looking to get a job in IT security eventually and I thought it would be good experience to use VirtualBox to deliberately infect a guest machine with a virus or other piece of malware and have a play with it. I was just wondering if I go ahead and do this, how safe is my host PC? Is there extra steps or precautions I should take before doing this?

Host is a windows 10 (just upgraded from win 7 last week! its great ) and the clients ive set up are XP and win 7 if this helps.

Thanks in advance.

[Legorol]

It is safe as long as you don't allow any form of contact between the guest and the host. This means:
- do not connect the guest to the host network, not even through NAT or Host-only connection
- do not enable any shared folders
- do not install guest additions

[bmn]

What would the infected machine be able to do if you enable network or share an EMPTY folder?

Nothing really critical, right? Like accessing data outside of that scope. Of course it could be used as a botnet or things like that, but that's it.

[mpack]

What would the infected machine be able to do if you enable network or share an EMPTY folder?

Nothing, assuming the person using the VM isn't a complete numpty. Otherwise the risks you can take will depend on where you are on the numpty spectrum.

For example, only executable files can be infected, so non executable files such as texts and JPGs are perfectly safe for a shared folder (I'm assuming that sharing an EMPTY folder is a pointless exercise). Also safe are executable files that you don't execute until they are moved and checked. Doc and Xls files could have macro viruses... and I'm struggling to think of much else that could go wrong. An offline scanner would be a useful tool for the host.