Likely Malware Found In Course Materials

Dear Concerned Readers,

Note: I have yet to complete the entire course, so I do not know whether this malware was intentional or not, although some forewarning would be nice even if it was intentional.

The Complete Ethical Hacking Certification Course - CEH v.11

I have not tested other virtual machines yet.

Report: steps to reproduce

  1. Download VMs (XP Victim or Server 2003)
  2. Download Kaspersky rescue disk.
  3. Give VMs 2GB of RAM
  4. Attach the Kaspersky rescue disk.
  5. Boot from Kaspersky rescue disk.
  6. Choose Low Graphics mode.
  7. Scan for malware.
  8. Several viruses and malware reported.

Dangerous packets: steps to reproduce

  1. Download VMs
  2. Create firewall rules to isolate the infected machine's IP/MAC address (do not connect to the internet)
  3. Run ipconfig
  4. Connect a machine running Wireshark to the subnet, or use the Wireshark app on the router device (or a device pretending to be a router)
  5. Use Wireshark to check for DNS requests to the router from the infected VM

YouTube series describing the issue

Potential replacement candidates

Please check and verify these ISOs are safe using your own technology.

So far I have only had time to test the Windows XP ISO, and it does not appear to have malware.

XP archive.org ISO
Server 2003
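The "Dangerous packets" procedure above boils down to one question: does a VM that is supposed to be isolated still issue DNS queries, and to what names? The following is an added example, not part of the original report or of the course materials. It assumes the capture has been exported from Wireshark/tshark as tab-separated fields (`tshark -r lab.pcap -Y "dns.flags.response == 0" -T fields -e ip.src -e ip.dst -e dns.qry.name`); the sample export, the quarantined VM address 192.168.56.10 and the blocklisted domain `example-bad.invalid` are all constructed placeholders, not real indicators.

```python
"""Flag DNS queries issued by a quarantined lab VM in a tshark field export.

Added example: parses the output of
  tshark -r lab.pcap -Y "dns.flags.response == 0" -T fields \
         -e ip.src -e ip.dst -e dns.qry.name
and reports every query from a VM that should have no DNS egress at all,
raising the severity when the queried name matches a blocklist.
"""
from collections import defaultdict

# Constructed: the lab VM that the firewall is supposed to isolate.
QUARANTINED_VMS = {"192.168.56.10"}

# Constructed placeholder suffixes; a real deployment would load a threat-intel feed.
BLOCKLIST = {"example-bad.invalid"}

# Constructed sample of the tshark export described above (src, dst, query name).
SAMPLE_EXPORT = """\
192.168.56.10\t192.168.56.1\ttime.windows.com
192.168.56.10\t192.168.56.1\tupdate.example-bad.invalid
192.168.56.20\t192.168.56.1\tarchive.org
192.168.56.10\t192.168.56.1\tc2.example-bad.invalid
"""


def parse_tshark_fields(text):
    """Return a list of (src, dst, qname) tuples from tab-separated tshark output.

    tshark joins several query names in one packet with commas, so a single
    line may expand to several records. Names are lower-cased and the trailing
    dot is stripped so that suffix matching is consistent.
    """
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not line.strip():
            continue  # skip blank or malformed lines
        src, dst, names = (p.strip() for p in parts)
        for qname in names.split(","):
            qname = qname.strip().rstrip(".").lower()
            if qname:
                records.append((src, dst, qname))
    return records


def matches_blocklist(qname, blocklist=BLOCKLIST):
    """True when qname equals a blocklisted domain or is a subdomain of one."""
    return any(qname == d or qname.endswith("." + d) for d in blocklist)


def audit_dns(records, quarantined=QUARANTINED_VMS, blocklist=BLOCKLIST):
    """Group queries by source host and list isolation violations.

    Any DNS query from a quarantined VM is a finding, because an isolated VM
    should not reach a resolver at all; a blocklisted name raises severity.
    """
    by_host = defaultdict(list)
    findings = []
    for src, dst, qname in records:
        by_host[src].append(qname)
        if src not in quarantined:
            continue
        blocked = matches_blocklist(qname, blocklist)
        findings.append({
            "src": src,
            "resolver": dst,
            "qname": qname,
            "severity": "high" if blocked else "medium",
            "reason": "quarantined VM issued a DNS query"
                      + (" for a blocklisted name" if blocked else ""),
        })
    return {"queries_by_host": dict(by_host), "findings": findings}


if __name__ == "__main__":
    result = audit_dns(parse_tshark_fields(SAMPLE_EXPORT))
    for f in result["findings"]:
        print(f"[{f['severity']}] {f['src']} -> {f['resolver']} {f['qname']}: {f['reason']}")
```

A quarantined VM producing any finding at all means the firewall rule set is not doing what the instructor's reply assumes; the "high" entries are the ones worth keeping as evidence alongside the screenshots.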

Thank you for letting us know. We will look into it now.

Thank you for your comments. Kindly be aware that the virtual machines used in the EH training are completely isolated from your physical machines, and since this is an EH training, you need to practice different types of attacks in a virtual environment; that's why the VMs include hacking tools and malware-building tools, so don't worry. Some AVs that include an IDS feature detect these as malware in the virtual network, but it is completely isolated from the physical machine.

Please note that the VM I was using was by default using NAT.

I tested inside the VMs with NAT. I could access both my routers and the open internet with NAT enabled.

I have attached image evidence that suggests these VMs were only semi-isolated and were contacting known malware domains.

Example domain test.

Why not make a new NAT network with a different subnet and place the VMs in that network?

The lab is completely secure; however, if you want to build your own lab, you can do that, and I can send you the list of tools needed in the course so you can download them yourself.

I already isolated the network with firewall settings.

Yes, I will do that. I have found most of the tools now.

Which hypervisor do you use? (VMware, VirtualBox, Hyper-V, etc.)
Make a new NAT network there and isolate it there.

I am using VMware.
I have successfully isolated the machines using firewall rules in OPNsense.

I am using a subnet with two virtual ethernet devices (one bridged and the other unused) and firewall rules to block select devices from accessing the internet WAN. They can still communicate with other devices on the LAN if I choose to change my firewall rules accordingly.

I am rebuilding the virtual machines from scratch. I have found all the tools required so far to complete the course.

If I run into any problems, I will make them known.

Sorry to have inconvenienced everyone.