Virtual Machines are virtualized computers used for multiple purposes. They are basically a PC in your PC and require virtualization software and the virtualized PC or an operating system. We use them for a variety of purposes. Some of them are used to provide a secure, sandboxed environment for the scammers to connect to, without harming your host PC with all your personal files. Another purpose is the use of highly customized operating systems that contain tools and software used for scambaiting research, penetration testing, or other IT-security-related tools. To run a virtual machine, your computer needs to have somewhat recent specs, such as at least 8 GB of RAM, about 25 GB free disk space to accommodate the software itself as well as the virtual machines and a decent CPU such as an Intel i5-7xxxx or an AMD Ryzen 5 2600 or better.
Windows 11 Scambaiting VM
If you don’t want to go through all the hassle of disguising a virtual machine and getting it ready, then look no further. I present my pre-made scambaiting virtual machine and its required software:
This virtual machine is based on Windows 11 Insider Preview. I created this virtual machine for VMware so it works best with VMware products, e.g. VMware Player (free) or Workstation Pro (paid) to run. Download the .7z file. To unpack this archive, you’ll need 7-Zip (download link below). Open VMware and click on ‘Open’ and select the .vmx file. I set RAM to 4 GB, depending on how much physical RAM you have installed, change it up to 8 GB for better performance. Don’t assign more than 50% of your physical resources to the VM. The default user is Joe, the password is 0808. Also, I included a fake popup if you need one. It’s located on the desktop as ‘Micerosoft’ link. You can edit the number in the HTML.
Version 1.0 (2021-10-11): initial release
Version 1.1 (2021-10-12):
- fixed the Task Manager saying “Virtual Machine: yes”
- fixed Installed Programs showing VMware Tools
Credits:
– Windows 11 Insider Preview by Microsoft
– Jim Browning [Tutorial] How to make a stealthy Virtual Machine at https://youtu.be/6TM45vNI4Qc
– Lost Key who created an easy-to-use batch script: https://pastebin.com/hRsC5a8h
– UFO Pilot’s fake msinfo32: https://scambait.club/upscambaittools/upmsinfo32
– Firefox Browser History generator: https://trackthis.link
– Cyberror Scambaiting Guide: https://web.archive.org/web/20210214220701/https://cyberror.com/how-to/scambaiting-guide/
Windows 10 Scambaiting VM
If you don’t want to go through all the hassle of disguising a virtual machine and getting it ready, then look no further. I present my pre-made scambaiting virtual machine and its required software:
This virtual machine is based on Windows 10 Home. I created this virtual machine for VMware so it works best with VMware products, e.g. VMware Player (free) or Workstation Pro (paid) to run. Download the .7z file. To unpack this archive, you’ll need 7-Zip (download link below). Open VMware and click on ‘Open’ and select the .vmx file. I set RAM to 4 GB, depending on how much physical RAM you have installed, change it up to 8 GB for better performance. Don’t assign more than 50% of your physical resources to the VM. The default user is Robert , the password is 0808 . Also, I included a fake popup if you need one. It’s located on the desktop as ‘Micerosoft’ link. You can edit the number in the HTML. To change the wallpaper and customize more things, you’d need to activate Windows. This virtual machine is not activated. For that, you’d need to purchase a Windows 10 license key, e.g. on eBay for a few bucks.
Version 1.0 (2022-01-30): initial release
Credits:
– Windows 10 Home by Microsoft: https://www.microsoft.com/en-us/software-download/windows10
– Jim Browning [Tutorial] How to make a stealthy Virtual Machine at https://youtu.be/6TM45vNI4Qc
– Lost Key who created an easy-to-use batch script: https://pastebin.com/hRsC5a8h
– UFO Pilot’s fake msinfo32: https://scambait.club/upscambaittools/upmsinfo32
– Firefox Browser History generator: https://trackthis.link
– Cyberror Scambaiting Guide: https://web.archive.org/web/20210214220701/https://cyberror.com/how-to/scambaiting-guide/
Kali Linux
Kali Linux (formerly known as BackTrack Linux) is an open-source, Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali Linux contains several hundred tools targeted towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics, and Reverse Engineering. Kali Linux is a multi-platform solution, accessible and freely available to information security professionals and hobbyists. It also contains software, namely Maltego, used for OSINT investigations and thus is interesting for us scambaiters.
Tracelabs OSINT VM
The Trace Labs team created a specialized OSINT VM specifically to bring together the most effective OSINT tools and customized scripts we saw being used during our Search Party CTF’s. Inspired by the infamous Buscador VM, the Trace Labs OSINT VM was built in a similar way, to enable OSINT investigators participating in the Trace Labs Search Party CTF’s a quick way to get started and have access to the most popular OSINT tools and scripts all neatly packaged under one roof.