Yep. And for maximum safety that VM shouldn't use the HW virtualization extensions/acceleration, and should have its virtual Ethernet connection unplugged (the VM shouldn't be capable of communicating with the real machine).
And keep in mind that even *that* isn't 100% watertight, as malware may very well exploit vulnerabilities in the VM's drivers or memory management to pull itself out of the VM and infect the host; for instance, this vulnerability report describes how the VirtualBox 3D graphics driver can be compromised to run arbitrary code on the host system. Admittedly this comes from a driver that taps into the host's 3D acceleration capabilities, but it could potentially happen with any driver, even a simple virtual mouse or keyboard driver. Of course, all that is unlikely to be a threat in practice, as almost all malware isn't VM-aware, and most of those that are just want to shut down so they can't be analyzed (the primary reason malware finds itself in a VM to begin with), so run-of-the-mill malware will be well contained in a VM with no network connection.
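As an added example (not from the thread above), here is a small POSIX shell audit of the hardening points the post lists, applied to the `key="value"` output of `VBoxManage showvminfo <vm> --machinereadable`. The key names (`hwvirtex`, `accelerate3d`, `nic1`, `clipboard`, `draganddrop`) are assumed from memory of that output format, and the sample file is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: flag VirtualBox settings that weaken analysis-VM isolation.
# Input is a file in `VBoxManage showvminfo <vm> --machinereadable` form
# (key="value" per line). Key names below are assumptions about that format.

# Prints one finding per weak setting; prints nothing for a hardened VM.
audit_vm_config() {
    # $1: path to the saved showvminfo output
    while IFS= read -r line; do
        key=${line%%=*}                      # text before the first '='
        val=${line#*=}                       # text after it, still quoted
        val=${val#\"}; val=${val%\"}         # strip surrounding quotes
        case "$key" in
            hwvirtex)
                # Post recommends running without HW virtualization extensions.
                [ "$val" = "off" ] || echo "$key=$val: hardware virtualization enabled";;
            accelerate3d)
                # The cited escape abused the 3D graphics driver.
                [ "$val" = "off" ] || echo "$key=$val: 3D acceleration exposes host graphics driver";;
            nic[0-9]*)
                # "Unplugged" adapter: none/null; anything else reaches a network.
                case "$val" in
                    none|null) ;;
                    *) echo "$key=$val: network adapter attached";;
                esac;;
            clipboard|draganddrop)
                # Extra guest-to-host channels beyond the post's list.
                [ "$val" = "disabled" ] || echo "$key=$val: host/guest sharing channel enabled";;
        esac
    done < "$1"
}

# Constructed sample (not captured from a real VM) to show the audit in action.
sample=$(mktemp)
printf 'name="analysis-vm"\nhwvirtex="on"\naccelerate3d="on"\nnic1="nat"\nnic2="null"\nclipboard="bidirectional"\ndraganddrop="disabled"\n' > "$sample"
audit_vm_config "$sample"
rm -f "$sample"
```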