Thread: Norman Sandbox

  1. #1
    Frustrated Mad Scientist
    Join Date
    Dec 2004

    Norman Sandbox

    I got a link to this from the Forensics mailing list from SecurityFocus.

    It seems to be a free service to analyse new viruses and spyware. You submit the suspected file to the sandbox and they will perform an analysis of it and send you the results. They will obviously produce a new signature for their products from this also.

    I've not tried it, I don't come across new spyware/virus, but it might be a useful service to some.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    WebImmune does exactly the same. Most AV companies have a place to submit new viruses.

    I've submitted several new variants in the past. This indeed resulted in new signatures.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Dec 2004
    Here's one I have bookmarked and periodically visit to check it out...
    Virus Updates - Virus Alerts


  4. #4
    Senior Member
    Join Date
    Oct 2003
    I actually ran into that link yesterday and decided to give it a go.

    Here's what I got back today :

    Norman Scanner Engine 5.82. 1
    Sandbox 05.82, dated 2/05-2005

    Your message ID (for later reference): 20050614-207

    ~91B1.exe : Not detected by sandbox (Signature: NO_VIRUS)
    [ General information ]
    * File length: 9216 bytes.

    [ Changes to registry ]
    * Sets value "Offline Folder"="00000000-0BBC-4FFD-B610-400001000080" in key "HKCU\Software\Microsoft\Internet Explorer\Main".

    (C) 2004 Norman ASA. All Rights Reserved.
    The material presented is distributed by Norman ASA as an information source only.

    This is another service that I've tried a couple of times: Virus Total ... The really cool thing about it is that it uses more than one AV engine to check the file and it's free.

    Here's what I got back when I sent the file "q309661.exe." Interesting ...

    This is a report processed by VirusTotal on 06/15/2005 at 06:46:42 (CET) after scanning the file "q309661.exe" file.
    Antivirus    Version         Update      Result
    AntiVir                      06.14.2005  Heuristic/Virus.Win32
    AVG          718             06.14.2005  no virus found
    Avira                        06.14.2005  Heuristic/Virus.Win32
    BitDefender  7.0             06.15.2005  no virus found
    ClamAV       devel-20050501  06.14.2005  no virus found
    DrWeb        4.32b           06.14.2005  Trojan.DownLoader.2471
    eTrust-Iris                  06.15.2005  Win32/DlMersting!Variant!Trojan
    eTrust-Vet                   06.14.2005  Win32.DlMersting.GC
    Fortinet                     06.15.2005  suspicious
    Ikarus       2.32            06.15.2005  no virus found
    Kaspersky                    06.15.2005  Trojan-Downloader.Win32.Small.amb
    McAfee       4513            06.14.2005  StartPage-DU
    NOD32v2      1.1140          06.14.2005  probably a variant of Win32/TrojanDownloader.Small.AMB
    Norman       5.70.10         06.13.2005  W32/DLoader.EVP
    Panda        8.02.00         06.14.2005  no virus found
    Sybari       7.5.1314        06.15.2005  StartPage-DU
    Symantec     8.0             06.14.2005  no virus found
    TheHacker    5.8-3.0         06.14.2005  no virus found
    VBA32        3.10.3          06.14.2005  no virus found

    VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

    BTW ... Thanks for posting those two other links .....
    Operation Cyberslam
    "I've noticed that everybody that is for abortion has already been born." Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area
    Here is one more that I use. It is *excellent*.

    Virus total combined with this site are my first stop when analyzing a new virus/worm/botnet app. From here, it's right to good ol' IDAPro and then on to the submission site of our AV vendor.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
