Also, I just realised that you can reduce email spam by around 70-80% by scrolling back up to SMASH the like button

This turned from a video about viruses to an virtual box ad.

A couple years ago I fell for one of these emails on an old channel from some one pretending to be from a mobile game. After opening it, within a few hours my channel had been converted into some fake scam uploading videos about cracked editing softwares trying to spread the trojan to my audience. It was a pain to get the channel back as pretty much all my emails had been hacked and I had no proof of even owning the channel 😂. I had to completely wipe my computer and go through tons of email recovery steps. It's crazy how they're still around, and it's a good thing you made a video about this as you probably saved at least a couple youtubers from falling for it.

Plot twist: this whole video was a virtual box promo 🗿

3:39 my bad for reading your folder names

I live in india, Zomato is a legit company, and really big like doordash, this person is definitely pretending to be them.

Congratulations on getting me to watch a 14 minute long ad for VirtualBox!

Running suspicious software in a VM helps but doesn't completely remove any risk. The virus could steal any credentials present in the VM and potentially probe at your home network if you don't have it isolated.

This part {something|something else} is actually spintax, not personalization. It randomly picks one of the options inside the squiggly brackets (separated by a pipe), making the text unique enough that it doesn't trigger spam filters. Btw - in virtualbox you could also create snapshots and revert back to one pre-test, this way you dont need to delete and re-clone the installation.

Hey Bog, this is hilarious, I got a recent email just like this. You did well turning this into a video to educate people. Because I installed it and now everyone know my true identity and Gotham will never be safe again.

"theres a .pl" Ok so its Polish "Its from the netherlands"

Clarification on virtual machines: some clever viruses can detect and potentially even escape virtual machines (although the latter is rare)

I want you to know that this happened to my mother and I had to restart the PC from scratch and look for the programs and office keys to get it working again.

Hey Bog if you see this, in the future DO NOT connect a ethernet cable or Wi-Fi they can infect your router.

9:04 it's not "HTML". H here stands for 'heuristic' and ML means machine learning. Means this virus was detected not by checking it's signature but by scanning its behavior using machine learning (AI).

Running Procdot to capture all system changes in a network isolated environment, or even better, running it in a cloud SAAS like joesandbox could be a really cool follow up video! Following the exfiltration of whatever the bad actor/hacker wanted in a safe environment is always a blast, plus seeing what happens as a granular level is super cool! Awesome video!

6:23 If there's spelling and grammar mistakes then there's definitely something wrong in my opinion.

good thing you oppened the trojan in a virtual machine. BUT I don think you have properly isolated virtualbox! You might have to check your main desktop! it might have leaked! Be safe!

0:29 nope, broken english = its a phish.

As long as it is a cookie cutter trojan and windows defender is on it is no big deal. It gets dangerous when it is tailored for your device and antivirus doesn't detect it.

"Now imagine if I opened this on my actual computer, not a virtual machine." Your Windows Defender on your actual computer would have blocked and quarantined it as well.

Booting in a VM is sure safer EXCEPT WHEN THAT VM IS CONNECTED TO THE INTERNET!

protip: don't keep cloning the machines, use snapshots! you take a base snapshot, then do shady stuff, and revert back to previous snapshot, it's pretty simple

7:57 Polish domain

Nice folder called "STOP READING MY FOLDER NAMES". Gotta love that!

Bro I'm from India 🇮🇳 and Zomato is an Indian food company.... It doesn't work outside of India .... Why Zomato would promote anything outside India 😂😂 .....

3:40 love the "STOP READING MY FILE NAMES" folder 🤣🤣🤣🤣

9:38 this gives "I always come back" vibes

5:46 You can also create a snapshot of the VM in VirtualBox and restore it after you're done, that way you don't have to have multiple VMs.

4:33 insert vsauce music

Just realised Zomato doesn't exist in other countries. Basically it's like doordash

7:30 POLAAAANDDDDDD RAAAAAAAAAAAAHHHHHHHHH!!!!

10:03 Fun fact: if u have windows pro version, u can use windows sandbox too

Bog when he discovers some viruses are capable of escaping Virtual Machines

I was not expecting the spy jumpscare lmao. Great video!

Hi, I also got exact same Zomato impersonating email. Same text. And same second reply. At approx same time as you. I also realized something is off, when I saw the email itself. Then after downloading and seeing the exe file, I became sure. I did not even extract it. I think the ploy here is to get the login/password details of youtubers. Maybe possible to copy a Chrome session that has the user already logged in? I had put a hidden mailtracker in my reply to their last email. And they did not even open the mail to check what it is about!

Windows has a optional feature called "Windows Sandbox". It does exactly what you did with your clone of a clone of a virtual machine, where it gives you a disposable virtual Windows Machine. Its pretty good & safe and doesn't use as much space as VirtualBox.

7:41 poland mentioned!!!!!!!!

"woo, trojan virus ladies and mentalgen" 🤣🤣🤣🤣

this stuff is fascinating, seeing how security is exploited in different ways across different operating systems. particularly in windows and how its able to regen itself. so interesting

OH MY GOSH. THE TWO ERRORS HE JUST GOT WHEN HE MADE THE VM WERE THE EXACT 2 THAT I GOT AND SPENT OVER A MONTH TROUBLESHOOTING AND RESEARCHING THINGS. THEN THIS ISN'T EVEN RELATED TO IT AND FIXES BOTH ERRORS IN THE SIMPLEST WAY POSSIBLE!

W video, really smart to open the file in a virtual box :)

Regarding the unattended file, it’s a cool feature for most people as it will setup Windows for you automatically without any user interaction (hence, unattended). The reason you get the license key error is when you are adding new VM you did not add a license key. You can use KMS Generic key which you can get from Microsoft documentation and put it in during VM creation. On the other hand, if you want to set it up manually, just check “Skip unattended installation” when creating VM. *Unattended installation is quite common in most type 2 hypervisors (Virtual Machine software) like VMware Workstation and Parallels, and for most major OS, so it’s quite easy to setup a VM with minimal effort. Another few things I would like to mention is you can learn more about snapshotting in VM, so you can avoid the part where you delete and clone your VM. Also you don’t have to remove floppy to solve the mount error, it is complaining no bootable device found is because you didn’t press any key when booting from the ISO.

Instead of cloning, you can use a snapshot to clone a vm at a point in time, so you can restore it back after running sketchy stuff

When playing with viruses in a virtual machine, it's better to do it from a machine you don't care about like a home lab. Some viruses can and do escape containers. Please turn off your network adapter on the VM and any sharing features between the VM/Host. Snapshots also work better than cloning and are way faster - just make sure you restore to the snapshot every time you boot the VM. A good test box would be a linux host virtualizing Windows, and if you can nest your machines that'll also work but just remember - work like each layer you try to contain can be breached.

Man keep doing these,really loving your work so far

you can also do this with Triage, it's what NTTS uses, and it's a website that gives you a x/10 score on how bad the malware actually is, virustotal is also a pretty good scanner

Try opening it without windows defender turned on

Someone: sending an email to sponsor a company Bog: ends up sponsoring/recommending oracle virtualbox😊

From windows 11, You can use Windows Sandbox, which is essentially a VM for these files, It under the hood uses HyperV and is usually more performant than virtualbox

I will never stop reading your folders BOGGGGG

I almost lost my steam account to a similar scam a few days ago. Only realised there was something fishy going on before typing in the sms verification code

you know what, I was more interested in the Mac version of virus in the last email as it's a bit unusual. I downloaded it, and quick check of strings showed that it's definitely a stealer. Will try to reverse it later

If you create a Linked Clone (this a snapshot that appears like a unique VM referencing the other) or a snapshot fork (checkpoint via the snapshot manager) you can reduce the VM's footprint by a lot. Utilizing checkpoints allows you to roll back the changes you made for the purpose of testing. Alternatively, if you enable the Hyper-V / Windows Sandbox in Windows Features, you gain access to a temporary VM clone built into Windows, it's a tad quicker to spin-up / get into, and can perform better.

"stop reading my folder names" bro was determined💀

Reading the domain of the emails should have been where this video ended !

I would recommend always turning off network connection from the virtual machine. As this way the malicious codes can infect your wifi and other devices connected in real-time.

Interesting Video. Btw you can also use the Windows Sandbox. It automatically resets after you close the window.

I love that your videos don't have music. Very satisfying!

14:00 AHH I ALWAYS FALL FOR IT

This is actually something ive thought about over the last like 4 years, when I was getting into streaming and doing YT on another channel I started to wonder how KZbinrs/streamers/people on social media keep their accounts safe when companies or people email them for promo or to collab, or even just send a link to a YT video that might redirect them if they dont know better to check the link. Some of the people I follow on IG have posted "Email this email videos or a written statement to why you should" and so on, and I thought what if someone just hates that person and sends a fake word document and they just open it on their PC or phone and they just start stealing their shit?

vegas is NOT an editing software. it's a bad attempt at one. it was good before magix bought it 💀💀💀. Also yeah, you would have gotten an email from Magix, not ... Sony Vegas PR or whatever.

Why did I Read the "Stop Reading My folder names" at 5:04 lol

Once someone dmed me on Discord, tried to get me to go on a SCAM Roblox website and join their group for “free robux” (they didn’t have any group funds.) And I knew it was a scam, because 1. I was logged out. 2. The Roblox logo was swapped with the charts button.

"Que gameplay incrível do novo EA FC 25, mano! 👏🔥 A forma como você controla o time é impressionante, parece até que o jogo fica mais fácil nas suas mãos! Adorei as jogadas e as finalizações, tá jogando como um profissional! Bora ver mais dessas partidas insanas! 🚀⚽

This video basically shows that Windows Defender works great and why it should be on at least sometimes 😁😁

5:36 whoo trojan virus ladies and mentelgen got me cracked up 😂

You can also just use Windows Sandbox if you got Windows 11 Pro. Maybe set up a read-only shared folder and disable vgpu and networking before messing with malware.

too much hidden humours!! i loved it!! *chef kiss*

This looks to be the same thing that got Linus Tech Tips' channel hacked a while back. I can definitely see this working on those less tech savvy (and a virus windows defender has not seen before)

The use of the word “kindly” should have been the first red flag.

Windows: We have a sandbox preconfigured, optimsed and ready to use at any moments Bog: I rather use a 3rd party software with all the disadvantages 😭😭😭😭

the immediate redflag is the sender not having zomato in the email

5:37 "ladies and mental gen" ??

even if it was an ad it is the best ad , i already use this application from time to time , but instead of some simulating montage you gived us a big lesson

12:28 yeeeesssss please!

5:38 TF2 Mentlegen reference!

Btw if you think something is a virus you should not run it in a local VM but on some online VM like Triage/AnyRun

First off, this is a super awesome video. And second, I truly believe that vigilance against social engineering and phishing needs to be higher than it ever has, and this video highlights exactly the reason why.

Thanks for letting us know. Yes we are sending spam emails to you! We will do it better next time thanks for pointing out the red flags! not joke!

When I heard you say "I noticed it was a exe file so I went to my windows computer open it" I almost had a heart attack haha. Glad your brained kicked in. I will say though, never rely 100 percent on a VM to be foolproof, as there are scenarios were the malware can escape the VM to your host machine. I would recommend uploading it to something like virustotal, which will not only let you know which antivirus' detect it as malware, but also run it in their sandbox and give you all the details about the files behavior. That way is as close to foolproof as there is.

These can sometime just install a powershell script and add it to your Task Scheduler. Which makes the powershell script run every time you restart. I was affected and had to delete the task from the task scheduler.

Thank you for the very useful information. I will password protect my zip files from now on.

there is inbuild windows virtual machine, which cleans everything as soon as you shut it down it is in "turn windows features on or off" and virtual machines hope it helps!!

Bro gave us a VM tutorial for a video about addressing a scam, props to you man 🗣

Nice informative video. I didn't know influencers get this much malicious activity in their mailbox. Interesting to see. Just a few notes regarding the video: 1) As others said, simply running a malware on a VM (although typically safe) it can bypass it or tamper with ur network. Best practice is to do it on a complete "dirty" machine and in isolated VLAN (although there is also vlan hopping as an issue but hard to do) 2) Checking the URL when clicking a link is also a good practice but not 100% safe as they can use cyrillic or greek alphabet letters which are similar to latin alphabet. 3) Mail address domains can be spoofed so even if you receive an email from a legit looking domain it probably has a different "Reply To" address (something that cannot be seen with the average email client

When you begin to touch your heart or let your heart be touched, you begin to discover that it's bottomless.

How bro gets sponsored 😭 I never get

This is pure torcher to watch on WIndows 11 with the default sounds

5:04 "STOP READING MY FOLDER NAMES" is literally the funniest thing ive seen-

always hit up the original company and ask about the email address that you had gotten to see if its in the system :)

I am an Indian who has been to your country of Switzerland, Zomato doesn’t even work outside of India, checked while I was in Switzerland and it didn’t work. It’s undoubtedly fake.

inb4 "thank you Virtual Box for sponsoring this video"

i would love it for you to review a Framework 16 laptop!

i love the folder called "STOP READING MY FOLDER NAMES"

"STOP READING MY FOLDER NAMES" lmao

"Kindly" is scammer's favourite word

4:40 you could have used 7-zip

You could collaborate with Eric Parker to disassemble the trojan. Could be very interesting :)

you know so little it's a crime you are allowed to 'explain' things to other people