Interesting example

Discussion in 'other anti-malware software' started by alex_s, Feb 12, 2009.

Thread Status:
Not open for further replies.
  1. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    The link works for me, I am reading it.
     
  3. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I mean the download link:

    ===
    hxxp://************/y1pXm4AmhPZ-DEI8fsYNsAB1gDhPGNn4Fe-cSrJadzoG_Dw_CD_a68DsboKUEJgCcYnDaMYXUc5YPbVxXfqeQCjoA/gOOGLE.exe
    ===

    The forum itself is accessible, fortunately :)
     
  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    If anybody has already downloaded this sample, please send it to me via e-mail or PM.
     
  5. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,655
    Location:
    Sydney, Australia
    Same here - I would be very interested in this sample.
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    According to Tzuk, nothing is written outside of SBIE on his tests, so this does seem to be a case of misconfiguration/conflict, as these SBIE-bypassing super malware almost invariably turn out to be. Having said that, it will be interesting to see if there is a security hole by default or by user error.
     
    Last edited: Feb 12, 2009
  7. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Most malware can live only due to user errors. This is what additional security is for - to correct user errors.
     
  8. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Ran it here in a default sandbox with no leaks at all?
     
  9. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    You need to have Sandboxie and CIS installed together and allow the Defense+ pop-up for debug privileges.

    I haven't tested it myself though.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,109
    Location:
    Saudi Arabia/ Pakistan
    I tried it with

    1- CIS 3.5.57173.439 and SBIE 3.34

    2- CIS 3.5.57173.439 and GW

    3- CIS alone

    No problems. No leaks on my system.
     
  11. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    Thanks for the update,

    I just saw the new post on the Sandboxie thread as well; looks like a problem with the OP only.

    No leaks. ;)
     