
Thread: Malware That Detects Sandbox

  1. #1
    BrianBosworth

    Malware That Detects Sandbox

    I've been reading articles about how far malware and rootkits have evolved. I had no idea that some of the more advanced ones can detect if they're running in a sandbox and thus shut down before they can be analyzed or scanned. Upon further research, I found something that can detect this behavior, but it only works if you're running Sandboxie. Here's a link to the article: Buster Sandbox Analyzer Makes Sandboxie Stronger | Raymond.CC Blog

    I have enclosed snapshots of a crypter that can detect all of the top virtual environment software. Also, if anyone knows of other software that can defeat the stealth mode of malware in a sandboxed environment, please contribute your knowledge to this post.
    Last edited by BrianBosworth; 02.08.10 at 00:57.

  3. #2

    This is bad news. I thought I was safe with my sandbox. By the sound of it, it won't be solved by an update of Sandboxie. Still, a sandbox is probably safer than no sandbox.

    Edit: I was wondering... if you deleted the sandbox with the malware, the malware would be gone, right?
    Last edited by CS Curse; 02.08.10 at 10:42.

  4. #3
    Moderator anon
    Originally posted by CS Curse:
    Edit: I was wondering... if you deleted the sandbox with the malware, the malware would be gone, right?
    Depends on what the malware is set to do. If it merely refuses to run inside a sandbox, just wipe it and it's gone... if it can bypass the sandbox and infect the rest of the system, that should speak for itself.
    "I just remembered something that happened a long time ago."