Thread: Norman Sandbox

  1. #1
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152

    Norman Sandbox

    I got a link to this from the Forensics mailing list from SecurityFocus.

    It seems to be a free service to analyse new viruses and spyware. You submit the suspected file to the sandbox and they will perform an analysis of it and send you the results. They will obviously produce a new signature for their products from this also.

    I've not tried it, I don't come across new spyware/virus, but it might be a useful service to some.

    http://sandbox.norman.no/live_4.html

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    WebImmune does exactly the same. Most AV companies have a place to submit new viruses.

    I've submitted several new variants in the past. This indeed resulted in new signatures.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Dec 2004
    Posts
    3,171
    Here's one I have bookmarked and periodically visit to check it out...

    http://www.esafe.com/home/csrt/index.asp
    Virus Updates - Virus Alerts

    Eg

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    I actually ran into that link yesterday and decided to give it a go.

    Here's what I got back today :


    Norman Scanner Engine 5.82. 1
    Sandbox 05.82, dated 2/05-2005

    Your message ID (for later reference): 20050614-207

    ~91B1.exe : Not detected by sandbox (Signature: NO_VIRUS)
    [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * File length: 9216 bytes.

    [ Changes to registry ]
    * Sets value "Offline Folder"="00000000-0BBC-4FFD-B610-400001000080" in key "HKCU\Software\Microsoft\Internet Explorer\Main".


    (C) 2004 Norman ASA. All Rights Reserved.
    The material presented is distributed by Norman ASA as an information source only.
    This is another service that I've tried a couple of times: Virus Total ... The really cool thing about it is that it uses more than one AV engine to check the file and it's free.

    Here's what I got back when I sent the file "q309661.exe." Interesting ...

    This is a report processed by VirusTotal on 06/15/2005 at 06:46:42 (CET) after scanning the file "q309661.exe" file.
    Antivirus    Version         Update      Result
    AntiVir      6.31.0.5        06.14.2005  Heuristic/Virus.Win32
    AVG          718             06.14.2005  no virus found
    Avira        6.31.0.5        06.14.2005  Heuristic/Virus.Win32
    BitDefender  7.0             06.15.2005  no virus found
    ClamAV       devel-20050501  06.14.2005  no virus found
    DrWeb        4.32b           06.14.2005  Trojan.DownLoader.2471
    eTrust-Iris  7.1.194.0       06.15.2005  Win32/DlMersting!Variant!Trojan
    eTrust-Vet   11.9.1.0        06.14.2005  Win32.DlMersting.GC
    Fortinet     2.32.0.0        06.15.2005  suspicious
    Ikarus       2.32            06.15.2005  no virus found
    Kaspersky    4.0.2.24        06.15.2005  Trojan-Downloader.Win32.Small.amb
    McAfee       4513            06.14.2005  StartPage-DU
    NOD32v2      1.1140          06.14.2005  probably a variant of Win32/TrojanDownloader.Small.AMB
    Norman       5.70.10         06.13.2005  W32/DLoader.EVP
    Panda        8.02.00         06.14.2005  no virus found
    Sybari       7.5.1314        06.15.2005  StartPage-DU
    Symantec     8.0             06.14.2005  no virus found
    TheHacker    5.8-3.0         06.14.2005  no virus found
    VBA32        3.10.3          06.14.2005  no virus found



    VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
    --------------------------------------------------------------------------------
    www.virustotal.com :: @ Hispasec Sistemas 2004 :: e-mail info@virustotal.com
    BTW ... Thanks for posting those two other links .....
    Operation Cyberslam
    "I've noticed that everybody that is for abortion has already been born." Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Here is one more that I use. It is *excellent*.

    http://virusscan.jotti.org/

    Virus total combined with this site are my first stop when analyzing a new virus/worm/botnet app. From here, it's right to good ol' IDAPro and then on to the submission site of our AV vendor.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
