Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16216
HistoryFeb 28, 2007 - 12:00 a.m.

Evading the Norman SandBox Analyzer

2007-02-2800:00:00
vulners.com
6
JSON

Hi all,

Summary:

The Norman SandBox Analyzer (http://sandbox.norman.no/live.html) runs
malicious code samples in an emulated environment while logging their
actions. In practice it is more or less impossible to make an emulated
environment perfectly similar to the real thing. It is therefore
possible to write malicious code that does not behave maliciously when
run in the Sandbox Analyzer. Here I will give one example of such a
technique.

Full text at:

http://www.ntsecurity.nu/onmymind/2007/2007-02-27.html

I have notified Norman about the problem but have chosen not to wait for
them to patch it. The reason being that this is not a regular
vulnerability, but rather an example of an inherent weakness in emulated
sandboxes in general. I assume they will patch this particular case
shortly though since it should be very easy to do.

Regards /Arne

http://ntsecurity.nu
http://vidstrom.net

JSON