Interesting example

Discussion in 'other anti-malware software' started by alex_s, Feb 12, 2009.

Thread Status:
Not open for further replies.
  1. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    The link works for me, i am reading it.
     
  3. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I mean the download link:

    ===
    hxxp://************/y1pXm4AmhPZ-DEI8fsYNsAB1gDhPGNn4Fe-cSrJadzoG_Dw_CD_a68DsboKUEJgCcYnDaMYXUc5YPbVxXfqeQCjoA/gOOGLE.exe
    ===

    The forum itself is accessible, fortunately :)
     
  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    If anybody already downloaded this sample- please, send it to me via e-mail or PM.
     
  5. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Same here - I would be very interested in this sample.
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    According to Tzuk, nothing is written outside of SBIE in his tests, so this does seem to be a case of misconfiguration/conflict, as these SBIE-bypassing super malware almost invariably turn out to be. :doubt: Having said that, it will be interesting to see if there is a security hole by default or by user error.
     
    Last edited: Feb 12, 2009
  7. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Most malware can live only due to user errors. This is what additional security is for: to correct user errors.
     
  8. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Ran it here in a default sandbox with no leaks at all?
     
  9. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    You need to have Sandboxie and CIS installed together and allow the Defense+ pop-up for debug privileges.

    I haven't tested it myself though.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I tried it with

    1- CIS 3.5.57173.439 and SBIE 3.34

    2- CIS 3.5.57173.439 and GW

    3- CIS alone

    No problems. No leaks on my system.
     
  11. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    Thanks for the update.

    I just saw the new post on the Sandboxie thread as well; looks like a problem with the OP only.

    No leaks. ;)
     