Discussion in 'sandboxing & virtualization' started by karthy1988, Oct 2, 2010.
Can anyone tell me how to run Email-Worm.Win32.NetSky.p in Sandboxie?
Do you have other security in place, and what?
My advice to you in the strongest way is if you have to ask what you did, don't do it.
You have to know what you are doing, and how to protect yourself, in case.
Pete, I sort of disagree with you here.
I've run malware samples [from TDSS to Security Tool, and from Zeus Trojan to other fake AVs] inside Sandboxie [taking precautions, of course] without getting my PC infected by them. But, well, that's just me.
If you don't know how to run them inside SBIE, you must not run them for sure. You will most probably end up with an infected PC.
If you really want to mess with this, I suggest you read a lot here and use VMware, VirtualBox or VirtualPC.
You didn't read what I wrote. I didn't say you couldn't safely do it, but if one doesn't know enough to have to ask about it, they may well get themselves into trouble.
You know what you are doing, and that is a different matter.
Yes, I have other security in place.
Aigle, yes, you are right that VMware, VirtualBox or VirtualPC provide more foolproof mechanisms than Sandboxie, but I am currently involved in designing real-time malware detection which is automatic and consumes fewer resources in the system.
If you know how to run that worm in Sandboxie, please help me out.
Thanks for your valuable advice, Peter. But will you agree with me that without experimenting with things, you can't learn anything, even if that causes you great damage? Anyway, while running it I will take the precautions also.
If you know how to run that worm in Sandboxie, please help me out.
You can run it in Sandboxie. I would add another VM or virtualization. Having a backup image can't hurt either. I usually run malware in Sandboxie with Buster Sandbox Analyzer and Wondershare Time Freeze. It's cheap and easy to use.
Any reason why you couldn't use a VM or Returnil etc.? Or are you trying to see if you bypass Sandboxie?
If you look at the PDF which comes with Buster Sandbox Analyzer, in chapter 7 he has given two examples of worms taken from VX Heaven and their analysis reports. But since that worm had no proper format (as you can see in the name of the worm itself, it is a .p file, unknown format), when I tried running it in Sandboxie it asked me to choose the application which will run that worm.
Any suggestions?
Try changing Win32.NetSky.p to Win32.NetSky.pdf
I am currently testing DefenseWall Personal Firewall (3.07) against numerous types of threats including Stuxnet, TDSS, Drooptroop, Safesys, and many others. So far DefenseWall rocks. I even installed SRWare Iron (6.0.475.1) as untrusted (from USB) and was able to roll back successfully without any trace of anything. I think you can also try running malware via DefenseWall and check its events log to have an idea of destruction by malware sample.
Just add .exe and see how it goes?