Crackers are getting smarter every day. They are using new and sophisticated ways to encrypt their malware, or to make it change its shape and signature over time. This makes it very difficult for signature-based antivirus solutions to detect and protect against those types of malware. Furthermore, zero-day attacks are becoming more popular than ever, and IT security people should respond.

Since we cannot depend on comparing a malware file against a list of signatures in a database, we should think of a way to study the life cycle of the malware when it is in action. Just imagine that you are given a malware file and asked to study its behavior. Usually you will let it run in a controlled environment and start monitoring what the malware is doing to the registry, the OS, processes and memory, and what network connections it is opening.

A sandbox was originally a concept used to describe running a program in an isolated and controlled environment for evaluation and testing purposes. Usually sandboxes are used to test running applications from third-party, untrusted vendors. Security people now use sandboxes for malware investigation and detection as well. When a user first downloads an executable file, the file is downloaded to the user's machine and a copy of the file is also sent to the sandbox for evaluation.
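To make the behaviour-versus-signature argument concrete, here is an added example (not code from the original post): it scores a constructed sandbox trace covering the registry, process, memory and network activity mentioned above, and shows that a one-byte change to the sample defeats a hash list while the behaviour score is unaffected. The trace format, the rules and the hypothetical addresses are all constructed for illustration.

```python
"""Behaviour-based evaluation of a sandboxed sample versus signature matching.

Added example; the event format and rules are constructed, not the output of
any real sandbox product.
"""
import hashlib

# Constructed behaviour trace: (category, detail) pairs as a sandbox monitor
# might record them while the sample runs in the isolated environment.
SAMPLE_TRACE = [
    ("process", "created child process: cmd.exe"),
    ("registry", "wrote HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"),
    ("file", "wrote C:\\Users\\user\\AppData\\Roaming\\updater.exe"),
    ("network", "connected to 203.0.113.7:443"),  # TEST-NET address, constructed
    ("memory", "wrote executable memory into explorer.exe"),
]

# Behaviour rules: (category, substring that must appear in detail, weight).
RULES = [
    ("registry", "\\CurrentVersion\\Run\\", 3),   # persistence via a Run key
    ("file", "\\AppData\\Roaming\\", 1),          # drops a file into the user profile
    ("network", "connected to", 2),               # opens an outbound connection
    ("memory", "executable memory into", 4),      # writes code into another process
]


def score_trace(trace):
    """Return (score, matched event descriptions) for a behaviour trace."""
    score, hits = 0, []
    for category, needle, weight in RULES:
        for cat, detail in trace:
            if cat == category and needle in detail:
                score += weight
                hits.append(f"{category}: {detail}")
                break  # count each rule at most once per trace
    return score, hits


def verdict(score, threshold=5):
    """Map a behaviour score to a verdict; the threshold is a constructed choice."""
    return "malicious" if score >= threshold else "benign"


def signature_match(data, known_hashes):
    """Classic signature lookup: only catches byte-identical samples."""
    return hashlib.sha256(data).hexdigest() in known_hashes


def signature_gap_demo():
    """Show that a single appended byte defeats the hash list."""
    original = b"constructed sample bytes"
    repacked = original + b"\x00"  # same behaviour, different hash
    known = {hashlib.sha256(original).hexdigest()}
    return signature_match(original, known), signature_match(repacked, known)


if __name__ == "__main__":
    print("signature catches original/repacked:", signature_gap_demo())
    score, hits = score_trace(SAMPLE_TRACE)
    print("behaviour score:", score, verdict(score))
    for hit in hits:
        print("  -", hit)
```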