A new variety of malware has defeated on-premises sandboxes. What is your take on the significance of this threat?...
Does it make sandboxing less valuable?
Ever since the introduction of sandboxes, there has been a cat-and-mouse game between attackers and sandbox makers. For their malware to be successful beyond just a proof-of-concept malware or exploit, it is important that malware authors be able to understand sandboxes and how to escape them or at least how to achieve their end regardless of the sandbox. The harder it is for antimalware researchers to create automated detection and remediation, the longer malware can run in the wild. This goes for all parts of malware analysis for sandboxes and network communication aspects of malware.
Seculert wrote a blog post about a recent version of the Sazoora malware, aptly named Sazoora.B, which has been able to effectively defeat sandboxes. The original Sazoora is a browser-based malware that steals data by injecting fraudulent code into webpages. Sazoora.B, on the other hand, has evolved to make malware analysis more difficult by delaying its execution to slow the automated analysis performed.
Many times, systems will delay delivering an email or connecting to a webpage until a file has successfully passed the sandbox. By delaying execution by, say, 15 minutes, the target's malware analysis potentially could time out and the malware could pass onto the local system. The reason for this might be a configurable option that drops emails or connections if something hasn't executed in a specific time period. This doesn't depend on a local or remote sandbox; rather, it depends on how extensive the analysis is and the security policy the organization has configured in the system about how long to wait until passing a file to an endpoint. Using an outsourced or cloud sandbox may provide more dedicated resources to the analysis of the malware and boost enterprise protection.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email! (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Researchers at Trend Micro found a new strain of malware -- dubbed FacexWorm -- that targets users via a malicious Chrome extension. Discover how ... Continue Reading
Researchers at the 2018 RSA Conference discussed the increasing availability of malware that uses steganography, dubbed stegware. Discover how this ... Continue Reading
Researchers from AlienVault found a new cryptocurrency mining malware -- dubbed MassMiner -- that infects systems across the web. Learn how this ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.