Also, I just realised that you can reduce email spam by around 70-80% by scrolling back up to SMASH the like button

This turned from a video about viruses to an virtual box ad.

Congratulations on getting me to watch a 14 minute long ad for VirtualBox!

I live in india, Zomato is a legit company, and really big like doordash, this person is definitely pretending to be them.

A couple years ago I fell for one of these emails on an old channel from some one pretending to be from a mobile game. After opening it, within a few hours my channel had been converted into some fake scam uploading videos about cracked editing softwares trying to spread the trojan to my audience. It was a pain to get the channel back as pretty much all my emails had been hacked and I had no proof of even owning the channel 😂. I had to completely wipe my computer and go through tons of email recovery steps. It's crazy how they're still around, and it's a good thing you made a video about this as you probably saved at least a couple youtubers from falling for it.

Running suspicious software in a VM helps but doesn't completely remove any risk. The virus could steal any credentials present in the VM and potentially probe at your home network if you don't have it isolated.

This part {something|something else} is actually spintax, not personalization. It randomly picks one of the options inside the squiggly brackets (separated by a pipe), making the text unique enough that it doesn't trigger spam filters. Btw - in virtualbox you could also create snapshots and revert back to one pre-test, this way you dont need to delete and re-clone the installation.

Plot twist: this whole video was a virtual box promo 🗿

Nice folder called "STOP READING MY FOLDER NAMES". Gotta love that!

Hey Bog, this is hilarious, I got a recent email just like this. You did well turning this into a video to educate people. Because I installed it and now everyone know my true identity and Gotham will never be safe again.

I want you to know that this happened to my mother and I had to restart the PC from scratch and look for the programs and office keys to get it working again.

Clarification on virtual machines: some clever viruses can detect and potentially even escape virtual machines (although the latter is rare)

9:04 it's not "HTML". H here stands for 'heuristic' and ML means machine learning. Means this virus was detected not by checking it's signature but by scanning its behavior using machine learning (AI).

Hey Bog if you see this, in the future DO NOT connect a ethernet cable or Wi-Fi they can infect your router.

protip: don't keep cloning the machines, use snapshots! you take a base snapshot, then do shady stuff, and revert back to previous snapshot, it's pretty simple

Running Procdot to capture all system changes in a network isolated environment, or even better, running it in a cloud SAAS like joesandbox could be a really cool follow up video! Following the exfiltration of whatever the bad actor/hacker wanted in a safe environment is always a blast, plus seeing what happens as a granular level is super cool! Awesome video!

Hi, I also got exact same Zomato impersonating email. Same text. And same second reply. At approx same time as you. I also realized something is off, when I saw the email itself. Then after downloading and seeing the exe file, I became sure. I did not even extract it. I think the ploy here is to get the login/password details of youtubers. Maybe possible to copy a Chrome session that has the user already logged in? I had put a hidden mailtracker in my reply to their last email. And they did not even open the mail to check what it is about!

3:39 my bad for reading your folder names

6:23 If there's spelling and grammar mistakes then there's definitely something wrong in my opinion.

As long as it is a cookie cutter trojan and windows defender is on it is no big deal. It gets dangerous when it is tailored for your device and antivirus doesn't detect it.

"Now imagine if I opened this on my actual computer, not a virtual machine." Your Windows Defender on your actual computer would have blocked and quarantined it as well.

0:29 nope, broken english = its a phish.

Booting in a VM is sure safer EXCEPT WHEN THAT VM IS CONNECTED TO THE INTERNET!

good thing you oppened the trojan in a virtual machine. BUT I don think you have properly isolated virtualbox! You might have to check your main desktop! it might have leaked! Be safe!

Just realised Zomato doesn't exist in other countries. Basically it's like doordash

3:40 love the "STOP READING MY FILE NAMES" folder 🤣🤣🤣🤣

"theres a .pl" Ok so its Polish "Its from the netherlands"

Windows has a optional feature called "Windows Sandbox". It does exactly what you did with your clone of a clone of a virtual machine, where it gives you a disposable virtual Windows Machine. Its pretty good & safe and doesn't use as much space as VirtualBox.

5:36 whoo trojan virus ladies and mentelgen got me cracked up 😂

5:46 You can also create a snapshot of the VM in VirtualBox and restore it after you're done, that way you don't have to have multiple VMs.

Regarding the unattended file, it’s a cool feature for most people as it will setup Windows for you automatically without any user interaction (hence, unattended). The reason you get the license key error is when you are adding new VM you did not add a license key. You can use KMS Generic key which you can get from Microsoft documentation and put it in during VM creation. On the other hand, if you want to set it up manually, just check “Skip unattended installation” when creating VM. *Unattended installation is quite common in most type 2 hypervisors (Virtual Machine software) like VMware Workstation and Parallels, and for most major OS, so it’s quite easy to setup a VM with minimal effort. Another few things I would like to mention is you can learn more about snapshotting in VM, so you can avoid the part where you delete and clone your VM. Also you don’t have to remove floppy to solve the mount error, it is complaining no bootable device found is because you didn’t press any key when booting from the ISO.

Bro I'm from India 🇮🇳 and Zomato is an Indian food company.... It doesn't work outside of India .... Why Zomato would promote anything outside India 😂😂 .....

9:38 this gives "I always come back" vibes

7:57 Polish domain

10:03 Fun fact: if u have windows pro version, u can use windows sandbox too

this stuff is fascinating, seeing how security is exploited in different ways across different operating systems. particularly in windows and how its able to regen itself. so interesting

4:33 insert vsauce music

Try opening it without windows defender turned on

Someone: sending an email to sponsor a company Bog: ends up sponsoring/recommending oracle virtualbox😊

Instead of cloning, you can use a snapshot to clone a vm at a point in time, so you can restore it back after running sketchy stuff

"Kindly" is scammer's favourite word

Bog when he discovers some viruses are capable of escaping Virtual Machines

always hit up the original company and ask about the email address that you had gotten to see if its in the system :)

I almost lost my steam account to a similar scam a few days ago. Only realised there was something fishy going on before typing in the sms verification code

you can also do this with Triage, it's what NTTS uses, and it's a website that gives you a x/10 score on how bad the malware actually is, virustotal is also a pretty good scanner

When playing with viruses in a virtual machine, it's better to do it from a machine you don't care about like a home lab. Some viruses can and do escape containers. Please turn off your network adapter on the VM and any sharing features between the VM/Host. Snapshots also work better than cloning and are way faster - just make sure you restore to the snapshot every time you boot the VM. A good test box would be a linux host virtualizing Windows, and if you can nest your machines that'll also work but just remember - work like each layer you try to contain can be breached.

OH MY GOSH. THE TWO ERRORS HE JUST GOT WHEN HE MADE THE VM WERE THE EXACT 2 THAT I GOT AND SPENT OVER A MONTH TROUBLESHOOTING AND RESEARCHING THINGS. THEN THIS ISN'T EVEN RELATED TO IT AND FIXES BOTH ERRORS IN THE SIMPLEST WAY POSSIBLE!

From windows 11, You can use Windows Sandbox, which is essentially a VM for these files, It under the hood uses HyperV and is usually more performant than virtualbox

I would recommend always turning off network connection from the virtual machine. As this way the malicious codes can infect your wifi and other devices connected in real-time.

"woo, trojan virus ladies and mentalgen" 🤣🤣🤣🤣

"Que gameplay incrível do novo EA FC 25, mano! 👏🔥 A forma como você controla o time é impressionante, parece até que o jogo fica mais fácil nas suas mãos! Adorei as jogadas e as finalizações, tá jogando como um profissional! Bora ver mais dessas partidas insanas! 🚀⚽

Man keep doing these,really loving your work so far

If you create a Linked Clone (this a snapshot that appears like a unique VM referencing the other) or a snapshot fork (checkpoint via the snapshot manager) you can reduce the VM's footprint by a lot. Utilizing checkpoints allows you to roll back the changes you made for the purpose of testing. Alternatively, if you enable the Hyper-V / Windows Sandbox in Windows Features, you gain access to a temporary VM clone built into Windows, it's a tad quicker to spin-up / get into, and can perform better.

you know what, I was more interested in the Mac version of virus in the last email as it's a bit unusual. I downloaded it, and quick check of strings showed that it's definitely a stealer. Will try to reverse it later

the immediate redflag is the sender not having zomato in the email

W video, really smart to open the file in a virtual box :)

I was not expecting the spy jumpscare lmao. Great video!

You can also just use Windows Sandbox if you got Windows 11 Pro. Maybe set up a read-only shared folder and disable vgpu and networking before messing with malware.

Bro gave us a VM tutorial for a video about addressing a scam, props to you man 🗣

Reading the domain of the emails should have been where this video ended !

"stop reading my folder names" bro was determined💀

vegas is NOT an editing software. it's a bad attempt at one. it was good before magix bought it 💀💀💀. Also yeah, you would have gotten an email from Magix, not ... Sony Vegas PR or whatever.

The use of the word “kindly” should have been the first red flag.

5:37 "ladies and mental gen" ??

I love that your videos don't have music. Very satisfying!

This video basically shows that Windows Defender works great and why it should be on at least sometimes 😁😁

inb4 "thank you Virtual Box for sponsoring this video"

there is inbuild windows virtual machine, which cleans everything as soon as you shut it down it is in "turn windows features on or off" and virtual machines hope it helps!!

When you begin to touch your heart or let your heart be touched, you begin to discover that it's bottomless.

Windows: We have a sandbox preconfigured, optimsed and ready to use at any moments Bog: I rather use a 3rd party software with all the disadvantages 😭😭😭😭

Friendly reminder doing this on a VM is always still risky. Some malware exploits bugs in the virtual machine to infect your main computer.

7:30 POLAAAANDDDDDD RAAAAAAAAAAAAHHHHHHHHH!!!!

even if it was an ad it is the best ad , i already use this application from time to time , but instead of some simulating montage you gived us a big lesson

Once someone dmed me on Discord, tried to get me to go on a SCAM Roblox website and join their group for “free robux” (they didn’t have any group funds.) And I knew it was a scam, because 1. I was logged out. 2. The Roblox logo was swapped with the charts button.

First off, this is a super awesome video. And second, I truly believe that vigilance against social engineering and phishing needs to be higher than it ever has, and this video highlights exactly the reason why.

This looks to be the same thing that got Linus Tech Tips' channel hacked a while back. I can definitely see this working on those less tech savvy (and a virus windows defender has not seen before)

The sixth sense of knowing you have a virus is crazy. I got the sixth sense once, and it saved me 20k in crypto. I transferred it all out to an exchange and left like $100 in eth in my wallet and when I woke up the next day it was stolen lol.

These can sometime just install a powershell script and add it to your Task Scheduler. Which makes the powershell script run every time you restart. I was affected and had to delete the task from the task scheduler.

for virtual machines, you should use snapshots instead of clones, it uses way less storage, and you can return to a specific backup when needed.

5:04 "STOP READING MY FOLDER NAMES" is literally the funniest thing ive seen-

Well done, sir. I would have also had some suspicion regarding this “company” (3.18 USD is hopefully _not_ a stock price you’d want to have) but the way you also handled the rest was truly remarkable. Wishing you luck in your other financial ventures

14:00 AHH I ALWAYS FALL FOR IT

4:05 Not always. There are some out there that can jump to the host machine. There are also plenty out there that will detect if they are in a VM and not actually do anything to hide what they really are.

7:41 poland mentioned!!!!!!!!

Thank you for the very useful information. I will password protect my zip files from now on.

7:38 yooo poland

You could collaborate with Eric Parker to disassemble the trojan. Could be very interesting :)

Btw if you think something is a virus you should not run it in a local VM but on some online VM like Triage/AnyRun

i would love to see you scan your actual computer with hitman pro or KVRT just to make sure there are no traces outside of the VM

Nice informative video. I didn't know influencers get this much malicious activity in their mailbox. Interesting to see. Just a few notes regarding the video: 1) As others said, simply running a malware on a VM (although typically safe) it can bypass it or tamper with ur network. Best practice is to do it on a complete "dirty" machine and in isolated VLAN (although there is also vlan hopping as an issue but hard to do) 2) Checking the URL when clicking a link is also a good practice but not 100% safe as they can use cyrillic or greek alphabet letters which are similar to latin alphabet. 3) Mail address domains can be spoofed so even if you receive an email from a legit looking domain it probably has a different "Reply To" address (something that cannot be seen with the average email client

the moment you said "it copies itself and can regenerate itself" i had to pause the video, check windows defender, and its protection history.. thanks god my system is clean so far.

How bro gets sponsored 😭 I never get

Please do an iWork vs Office. ❤ I've never seen anyone doing an in depth comparison between Apple and Microsoft in this area. Great videos. Thanks 👌

Thanks for letting us know. Yes we are sending spam emails to you! We will do it better next time thanks for pointing out the red flags! not joke!

i love the folder called "STOP READING MY FOLDER NAMES"

3:42 fine i guess I'll stop😞

label:yoink - hahahaha. You're the funniest, Bog. Love your work - keep it up.

12:28 yeeeesssss please!

I will never stop reading your folders BOGGGGG

i would love it for you to review a Framework 16 laptop!