Windows 7 Forums
Windows 7: Boring Malware Sneaks By Antivirus Sandboxing

26 Mar 2013   #1

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 
Boring Malware Sneaks By Antivirus Sandboxing

Quote:
Performing dynamic analysis of unknown software in a controlled environment—or "sandboxing"—is a powerful tool security professionals use to flush out malware. However, the bad guys are wise to the technique and have been introducing new tricks to break out of the sandbox and into your system.

"Dynamic analysis is the right way, and lots of people do it," said Christopher Kruegel, co-founder and chief scientist of the security company LastLine. "But really, that is just scratching the surface." The old model for AV solutions focused on lists of known malware, and guarded against anything that matched that list. The trouble is that this method can't guard against zero-day exploits or the innumerable variations on existing malware.

Enter sandboxing, which executes unknown software in a controlled environment, like a virtual machine, and watches to see if it behaves like malware. By automating the process, AV companies have been able to provide real-time protection against threats they've never seen before.
Source

A Guy



27 Mar 2013   #2

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
Interesting

So much for sandboxes.
28 Mar 2013   #3

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x86 Service Pack 1 - Linux Mint Mate 14 x64
 
 

Quote: Originally Posted by lehnerus2000
So much for sandboxes.


07 Apr 2013   #4

Windows 7 Pro. 64/SP-1
 
 

I think the problem is even more dangerous than most because people who have been using Sandybox thought they were untouchable and still do.
They don't read threads like this and keep informed.
They just keep doing the same old thing in the same old way thinking they can't be touched because they use Sandybox.
Thanks for the info Bill.
07 Apr 2013   #5

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

This seems to be about AV programs using sandboxing temporarily until they determine something is safe. A program like Sandboxie keeps the files in the sandbox indefinitely unless you tell it to release it. But, I can see this as evolving into "timebomb" applications that work normally for a period of time (until you have determined they are safe), then deploying their payload. If only the people developing these malicious programs would use their genius for the benefit of us all, instead of for easy money. A Guy
07 Apr 2013   #6

Windows 7 Pro. 64/SP-1
 
 

How about this method. (Plan of Attack)
-----------------
The three stealth soldier attack.

Three soldiers enter the Sandybox and stay stealth.
After a period of time they are allowed in the system.
They all go to their assigned positions.
Soldier one on cue raises hell so soldiers two and three can observe and study the defense of the computer and programs.
Soldier two stays stealth and watches. Soldier three finds another backdoor and holds it open for more soldiers.
All are stealth for a period of time not wanting the owner operator of the system to get too worried and do the dreaded Clean and Fresh Install.
Now soldier two will be sacrificed like soldier one so the new backdoor soldiers can get in position and do their assignment and remain stealth for at least a few months and if things go well even longer.
The soldiers never give up until they are destroyed.
All of them.