Somebody emailed me a trojan virus 

Also, I just realised that you can reduce email spam by around 70-80% by scrolling back up to SMASH the like button

This turned from a video about viruses to an virtual box ad.

I live in india, Zomato is a legit company, and really big like doordash, this person is definitely pretending to be them.

Plot twist: this whole video was a virtual box promo 🗿

Running suspicious software in a VM helps but doesn't completely remove any risk. The virus could steal any credentials present in the VM and potentially probe at your home network if you don't have it isolated.

Hey Bog, this is hilarious, I got a recent email just like this. You did well turning this into a video to educate people. Because I installed it and now everyone know my true identity and Gotham will never be safe again.

A couple years ago I fell for one of these emails on an old channel from some one pretending to be from a mobile game. After opening it, within a few hours my channel had been converted into some fake scam uploading videos about cracked editing softwares trying to spread the trojan to my audience. It was a pain to get the channel back as pretty much all my emails had been hacked and I had no proof of even owning the channel 😂. I had to completely wipe my computer and go through tons of email recovery steps. It's crazy how they're still around, and it's a good thing you made a video about this as you probably saved at least a couple youtubers from falling for it.

Clarification on virtual machines: some clever viruses can detect and potentially even escape virtual machines (although the latter is rare)

Hey Bog if you see this, in the future DO NOT connect a ethernet cable or Wi-Fi they can infect your router.

3:39 my bad for reading your folder names

I want you to know that this happened to my mother and I had to restart the PC from scratch and look for the programs and office keys to get it working again.

9:04 it's not "HTML". H here stands for 'heuristic' and ML means machine learning. Means this virus was detected not by checking it's signature but by scanning its behavior using machine learning (AI).

This part {something|something else} is actually spintax, not personalization. It randomly picks one of the options inside the squiggly brackets (separated by a pipe), making the text unique enough that it doesn't trigger spam filters. Btw - in virtualbox you could also create snapshots and revert back to one pre-test, this way you dont need to delete and re-clone the installation.

Running Procdot to capture all system changes in a network isolated environment, or even better, running it in a cloud SAAS like joesandbox could be a really cool follow up video! Following the exfiltration of whatever the bad actor/hacker wanted in a safe environment is always a blast, plus seeing what happens as a granular level is super cool! Awesome video!

6:23 If there's spelling and grammar mistakes then there's definitely something wrong in my opinion.

"theres a .pl" Ok so its Polish "Its from the netherlands"

0:29 nope, broken english = its a phish.

Congratulations on getting me to watch a 14 minute long ad for VirtualBox!

good thing you oppened the trojan in a virtual machine. BUT I don think you have properly isolated virtualbox! You might have to check your main desktop! it might have leaked! Be safe!

Booting in a VM is sure safer EXCEPT WHEN THAT VM IS CONNECTED TO THE INTERNET!

As long as it is a cookie cutter trojan and windows defender is on it is no big deal. It gets dangerous when it is tailored for your device and antivirus doesn't detect it.

protip: don't keep cloning the machines, use snapshots! you take a base snapshot, then do shady stuff, and revert back to previous snapshot, it's pretty simple

"Now imagine if I opened this on my actual computer, not a virtual machine." Your Windows Defender on your actual computer would have blocked and quarantined it as well.

Bro I'm from India 🇮🇳 and Zomato is an Indian food company.... It doesn't work outside of India .... Why Zomato would promote anything outside India 😂😂 .....

7:57 Polish domain

5:46 You can also create a snapshot of the VM in VirtualBox and restore it after you're done, that way you don't have to have multiple VMs.

3:40 love the "STOP READING MY FILE NAMES" folder 🤣🤣🤣🤣

I almost lost my steam account to a similar scam a few days ago. Only realised there was something fishy going on before typing in the sms verification code

4:33 insert vsauce music

Hi, I also got exact same Zomato impersonating email. Same text. And same second reply. At approx same time as you. I also realized something is off, when I saw the email itself. Then after downloading and seeing the exe file, I became sure. I did not even extract it. I think the ploy here is to get the login/password details of youtubers. Maybe possible to copy a Chrome session that has the user already logged in? I had put a hidden mailtracker in my reply to their last email. And they did not even open the mail to check what it is about!

Bog when he discovers some viruses are capable of escaping Virtual Machines

Just realised Zomato doesn't exist in other countries. Basically it's like doordash

7:41 poland mentioned!!!!!!!!

"woo, trojan virus ladies and mentalgen" 🤣🤣🤣🤣

10:03 Fun fact: if u have windows pro version, u can use windows sandbox too

7:30 POLAAAANDDDDDD RAAAAAAAAAAAAHHHHHHHHH!!!!

this stuff is fascinating, seeing how security is exploited in different ways across different operating systems. particularly in windows and how its able to regen itself. so interesting

Windows has a optional feature called "Windows Sandbox". It does exactly what you did with your clone of a clone of a virtual machine, where it gives you a disposable virtual Windows Machine. Its pretty good & safe and doesn't use as much space as VirtualBox.

Someone: sending an email to sponsor a company Bog: ends up sponsoring/recommending oracle virtualbox😊

Man keep doing these,really loving your work so far

When playing with viruses in a virtual machine, it's better to do it from a machine you don't care about like a home lab. Some viruses can and do escape containers. Please turn off your network adapter on the VM and any sharing features between the VM/Host. Snapshots also work better than cloning and are way faster - just make sure you restore to the snapshot every time you boot the VM. A good test box would be a linux host virtualizing Windows, and if you can nest your machines that'll also work but just remember - work like each layer you try to contain can be breached.

Instead of cloning, you can use a snapshot to clone a vm at a point in time, so you can restore it back after running sketchy stuff

I was not expecting the spy jumpscare lmao. Great video!

vegas is NOT an editing software. it's a bad attempt at one. it was good before magix bought it 💀💀💀. Also yeah, you would have gotten an email from Magix, not ... Sony Vegas PR or whatever.

"stop reading my folder names" bro was determined💀

From windows 11, You can use Windows Sandbox, which is essentially a VM for these files, It under the hood uses HyperV and is usually more performant than virtualbox

Regarding the unattended file, it’s a cool feature for most people as it will setup Windows for you automatically without any user interaction (hence, unattended). The reason you get the license key error is when you are adding new VM you did not add a license key. You can use KMS Generic key which you can get from Microsoft documentation and put it in during VM creation. On the other hand, if you want to set it up manually, just check “Skip unattended installation” when creating VM. *Unattended installation is quite common in most type 2 hypervisors (Virtual Machine software) like VMware Workstation and Parallels, and for most major OS, so it’s quite easy to setup a VM with minimal effort. Another few things I would like to mention is you can learn more about snapshotting in VM, so you can avoid the part where you delete and clone your VM. Also you don’t have to remove floppy to solve the mount error, it is complaining no bootable device found is because you didn’t press any key when booting from the ISO.

Try opening it without windows defender turned on

The use of the word “kindly” should have been the first red flag.

If you create a Linked Clone (this a snapshot that appears like a unique VM referencing the other) or a snapshot fork (checkpoint via the snapshot manager) you can reduce the VM's footprint by a lot. Utilizing checkpoints allows you to roll back the changes you made for the purpose of testing. Alternatively, if you enable the Hyper-V / Windows Sandbox in Windows Features, you gain access to a temporary VM clone built into Windows, it's a tad quicker to spin-up / get into, and can perform better.

The “STOP READING MY FOLDER NAMES”got me dying 😂

you can also do this with Triage, it's what NTTS uses, and it's a website that gives you a x/10 score on how bad the malware actually is, virustotal is also a pretty good scanner

OH MY GOSH. THE TWO ERRORS HE JUST GOT WHEN HE MADE THE VM WERE THE EXACT 2 THAT I GOT AND SPENT OVER A MONTH TROUBLESHOOTING AND RESEARCHING THINGS. THEN THIS ISN'T EVEN RELATED TO IT AND FIXES BOTH ERRORS IN THE SIMPLEST WAY POSSIBLE!

W video, really smart to open the file in a virtual box :)

"Kindly" is scammer's favourite word

14:00 AHH I ALWAYS FALL FOR IT

Reading the domain of the emails should have been where this video ended !

5:37 "ladies and mental gen" ??

I would recommend always turning off network connection from the virtual machine. As this way the malicious codes can infect your wifi and other devices connected in real-time.

you know what, I was more interested in the Mac version of virus in the last email as it's a bit unusual. I downloaded it, and quick check of strings showed that it's definitely a stealer. Will try to reverse it later

I love that your videos don't have music. Very satisfying!

You can also just use Windows Sandbox if you got Windows 11 Pro. Maybe set up a read-only shared folder and disable vgpu and networking before messing with malware.

Thank you for the very useful information. I will password protect my zip files from now on.

Interesting Video. Btw you can also use the Windows Sandbox. It automatically resets after you close the window.

"Que gameplay incrível do novo EA FC 25, mano! 👏🔥 A forma como você controla o time é impressionante, parece até que o jogo fica mais fácil nas suas mãos! Adorei as jogadas e as finalizações, tá jogando como um profissional! Bora ver mais dessas partidas insanas! 🚀⚽

Windows: We have a sandbox preconfigured, optimsed and ready to use at any moments Bog: I rather use a 3rd party software with all the disadvantages 😭😭😭😭

Please do an iWork vs Office. ❤ I've never seen anyone doing an in depth comparison between Apple and Microsoft in this area. Great videos. Thanks 👌

Nice informative video. I didn't know influencers get this much malicious activity in their mailbox. Interesting to see. Just a few notes regarding the video: 1) As others said, simply running a malware on a VM (although typically safe) it can bypass it or tamper with ur network. Best practice is to do it on a complete "dirty" machine and in isolated VLAN (although there is also vlan hopping as an issue but hard to do) 2) Checking the URL when clicking a link is also a good practice but not 100% safe as they can use cyrillic or greek alphabet letters which are similar to latin alphabet. 3) Mail address domains can be spoofed so even if you receive an email from a legit looking domain it probably has a different "Reply To" address (something that cannot be seen with the average email client

Why did I Read the "Stop Reading My folder names" at 5:04 lol

This looks to be the same thing that got Linus Tech Tips' channel hacked a while back. I can definitely see this working on those less tech savvy (and a virus windows defender has not seen before)

too much hidden humours!! i loved it!! *chef kiss*

Once someone dmed me on Discord, tried to get me to go on a SCAM Roblox website and join their group for “free robux” (they didn’t have any group funds.) And I knew it was a scam, because 1. I was logged out. 2. The Roblox logo was swapped with the charts button.

inb4 "thank you Virtual Box for sponsoring this video"

This video basically shows that Windows Defender works great and why it should be on at least sometimes 😁😁

I will never stop reading your folders BOGGGGG

Would have been interesting to see what does this virus do, rather than just to show a windows defender popup and be like "see, it's a virus, on to the next one..."

Me: "Wait... this was a Virtual Box tutorial the whole time?" Bog: "Always been.."

12:28 yeeeesssss please!

"Or, can I- Yes I can." inspiring words

These can sometime just install a powershell script and add it to your Task Scheduler. Which makes the powershell script run every time you restart. I was affected and had to delete the task from the task scheduler.

Instructions unclear, I now own a collection of sff desktop pcs that I use as physical machines, and use a magnet to delete the OS on spinning rust.

Btw if you think something is a virus you should not run it in a local VM but on some online VM like Triage/AnyRun

Well done, sir. I would have also had some suspicion regarding this “company” (3.18 USD is hopefully _not_ a stock price you’d want to have) but the way you also handled the rest was truly remarkable. Wishing you luck in your other financial ventures

there is inbuild windows virtual machine, which cleans everything as soon as you shut it down it is in "turn windows features on or off" and virtual machines hope it helps!!

5:38 TF2 Mentlegen reference!

How bro gets sponsored 😭 I never get

"Ladies and Mentlegen" got me rolling

Thanks for letting us know. Yes we are sending spam emails to you! We will do it better next time thanks for pointing out the red flags! not joke!

even if it was an ad it is the best ad , i already use this application from time to time , but instead of some simulating montage you gived us a big lesson

5:04 "STOP READING MY FOLDER NAMES" is literally the funniest thing ive seen-

And that’s why I started working with a manager

I am an Indian who has been to your country of Switzerland, Zomato doesn’t even work outside of India, checked while I was in Switzerland and it didn’t work. It’s undoubtedly fake.

Better than a yottabyte zip bomb, my chromebook killed itself

"STOP READING MY FOLDER NAMES" lmao

the immediate redflag is the sender not having zomato in the email

i would love it for you to review a Framework 16 laptop!

"Ladies and Mentlegen" I laughed way too hard

you know so little it's a crime you are allowed to 'explain' things to other people

i love the folder called "STOP READING MY FOLDER NAMES"

Even inside the virtual machine thats still risky