October 25th, 2006, 01:36 AM
I just wanted to share this with everyone... I completed a review this morning on our corporate blog and it's a product/service that I think many of the members here will be interested in if they haven't seen it already.
To read the rest visit the blog posting
Lately, I've been more and more interested in malware analysis... I've been gathering viruses I receive and watching how they operate inside VMs. Due to this interest I've added more blogs to my seemingly never-ending list of RSS Feeds... Today a very interesting one came across the wire. Sunbelt Software had a blog posting announcing the official launch of CWSandbox. I must say, the software looks pretty damn cool.
Essentially the malware that you submit is executed in what I'm guessing is a VM environment. The software operates by injecting itself in a manner similar to how malware injects itself and has multiple means of protecting against detection by the malware. CWSandbox then monitors the file system, registry and other applications along with network activity and extracts important data (FTP or IRC login data).
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
February 8th, 2007, 02:03 AM
nepenthes 0.2.0 now supports CWSandbox.
You may have a look at the XML file generated by CWSandbox.
The analyzed executable: burimi bot package
Last edited by stanger; February 8th, 2007 at 02:08 AM.
Industry Kills Music.