Malware that bypass UAC, Sandboxes and VMs?

madyrocksin

New Member
Thread author
Jul 30, 2012
510
Can anybody suggest me a solution for malware which bypasses UAC, sandbox and virtual machines?
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
No worries. Split thread. :cool:

I'm assuming you're searching for specific malware that does each of these?
 

madyrocksin

New Member
Thread author
Jul 30, 2012
510
Oh, thanks for the thread, but no, I'm not looking for specific malware. I have seen loggers which have the option to jump out of the sandbox and virtual machine, and UAC bypass codes are probably pretty easy nowadays; I have been reading about these on some forum!
I was wondering, with the level of current sophisticated malware, how secure can we be with a sandbox and virtual machine? Hopefully there isn't anything to bypass HIPS?
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,224
madyrocksin said:
How will I identify such malware?

Make sure you have a backup of your system and then install a virtual machine and try the malware in that, and if it escapes then that's what you want. :)
 

madyrocksin

New Member
Thread author
Jul 30, 2012
510
McLovin said:
madyrocksin said:
How will I identify such malware?

Make sure you have a backup of your system and then install a virtual machine and try the malware in that, and if it escapes then that's what you want. :)
Haha, thanks for the quick reply, but what if my actual system security doesn't detect it and I will never know whether it escaped the VM or not? :p
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,224
madyrocksin said:
Haha, thanks for the quick reply, but what if my actual system security doesn't detect it and I will never know whether it escaped the VM or not? :p

If you have a backup solution and if the computer starts to play up then you just have to revert back to that backup.
 

madyrocksin

New Member
Thread author
Jul 30, 2012
510
McLovin said:
madyrocksin said:
Haha, thanks for the quick reply, but what if my actual system security doesn't detect it and I will never know whether it escaped the VM or not? :p

If you have a backup solution and if the computer starts to play up then you just have to revert back to that backup.

OK, so that means I will have to infect my computer to know about it. :dodgy: Well, I was thinking that most malware had this capability. Well, thanks for the replies. :D

I am waiting for someone who has actually encountered something like this :p
 

InternetChicken

New Member
Jul 16, 2012
519
Hi madyrocksin,
If I understand you, you are worried about malware that can bypass UAC, sandbox and virtual machines.

There is malware that can bypass UAC and sandbox virtual machines; there's some that can bypass virtual machines (although very rare), but bypass all 3 together? I have not seen that, and I am not aware of any malware currently in the wild that can bypass all 3 at once.

However, that does not mean that such malware could not be created; one only has to look at Flame, which went undetected for some time.

If you are using UAC and sandbox virtual machines, your chance of infection is very small.

Malware that can bypass UAC: not so common.
Malware that can bypass sandbox: less common.
Malware that can bypass virtual machines: very rare.
 

madyrocksin

New Member
Thread author
Jul 30, 2012
510
InternetChicken said:
Hi madyrocksin,
If I understand you, you are worried about malware that can bypass UAC, sandbox and virtual machines.

There is malware that can bypass UAC and sandbox virtual machines; there's some that can bypass virtual machines (although very rare), but bypass all 3 together? I have not seen that, and I am not aware of any malware currently in the wild that can bypass all 3 at once.

However, that does not mean that such malware could not be created; one only has to look at Flame, which went undetected for some time.

If you are using UAC and sandbox virtual machines, your chance of infection is very small.

Malware that can bypass UAC: not so common.
Malware that can bypass sandbox: less common.
Malware that can bypass virtual machines: very rare.

Hi InternetChicken,

Yes, you are right, I want to test malware, and for that I am pretty worried about the malware which can bypass your protection.

I think that if something can bypass a virtual machine, then sandbox and UAC shouldn't be a factor.

As for UAC, I have read somewhere that a registry value of 0 on some code can actually bypass it; I don't know if Windows Update has actually fixed that now. Moreover, I have tried some loggers where I had the option to tick a box which said anti-sandbox.
Of late I have been hearing about a video tutorial where it's shown how to bypass virtual machines!

I am assuming that there is some virus like that, and want to know: can HIPS actually safeguard you against that?
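The "registry value of 0" mentioned above refers to UAC policy values that weaken or switch off UAC when set to 0. The following read-only audit is an added example, not code from anyone in the thread; it reports those values on a test host so a tester can confirm UAC is still intact before and after a session. The baseline numbers are assumed Windows defaults, and the script changes nothing.

```powershell
# Added example (not from the thread): read-only audit of the UAC policy values
# in the registry. A value of 0 for any of these weakens or disables UAC.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Assumed default baseline (not taken from the thread).
$baseline = @{
    EnableLUA                  = 1   # 0 = UAC disabled entirely
    ConsentPromptBehaviorAdmin = 5   # 0 = elevate silently, no prompt; 2 = always prompt for consent
    PromptOnSecureDesktop      = 1   # 0 = prompt on the normal desktop instead of the secure desktop
}

$findings = foreach ($name in $baseline.Keys) {
    # Missing value -> $null; ErrorAction keeps the script quiet when a name is absent.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($null -eq $current)                { $status = 'MISSING' }
    elseif ($current -eq 0)                { $status = 'WEAK' }      # the "value of 0" case
    elseif ($current -eq $baseline[$name]) { $status = 'OK' }
    else                                   { $status = 'REVIEW' }   # non-default but not 0

    [pscustomobject]@{
        Setting  = $name
        Current  = $current
        Expected = $baseline[$name]
        Status   = $status
    }
}

$findings | Format-Table -AutoSize

# Keep a timestamped copy so runs before and after a test session can be compared.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$findings | Export-Csv -Path (Join-Path $env:TEMP "uac-audit-$stamp.csv") -NoTypeInformation
```

Run it from an elevated PowerShell on the dedicated test machine; any line marked WEAK after a session means UAC was tampered with and the host should be reverted.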
 

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,503
I've run VMware inside of Sandboxie inside of Shadow Defender inside of Rollback RX on an old second PC that was on a separate network. Yet I still managed to spread a very nasty worm through my home network's modem and infected all 4 PCs in my household, as well as my whole street and local exchange.

Since then I stay well clear of testing any malware as no environment is secure enough.

/sarc :p

To be honest, I don't think you have anything to worry about. Not to say let your guard down; just take basic precautions. I've been testing all types of threats inside my VM for 5 years now and never had anything "escape". Not that I'm saying it's not possible; honestly, I've never known it to happen nor seen it happen. Others can feel free to tell me otherwise.
 

madyrocksin

New Member
Thread author
Jul 30, 2012
510
MrXidus said:
I've run VMware inside of Sandboxie inside of Shadow Defender inside of Rollback RX on an old second PC that was on a separate network. Yet I still managed to spread a very nasty worm through my home network's modem and infected all 4 PCs in my household, as well as my whole street and local exchange.

Since then I stay well clear of testing any malware as no environment is secure enough.

/sarc :p

To be honest, I don't think you have anything to worry about. Not to say let your guard down; just take basic precautions. I've been testing all types of threats inside my VM for 5 years now and never had anything "escape". Not that I'm saying it's not possible; honestly, I've never known it to happen nor seen it happen. Others can feel free to tell me otherwise.

OK, I have tried using VirtualBox inside Sandboxie with Time Freeze, but that gave me an error; didn't try it too hard though.

Thanks for replying. I know everything is possible; a system can be infected even if it had Fort Knox built around it.

I just wanted to know if these kinds of malware have become a bit regular or not; your reply actually helped me :)
 

InternetChicken

New Member
Jul 16, 2012
519
I am assuming that there is some virus like that, and want to know: can HIPS actually safeguard you against that?

Then the answer would be no.
As MrXidus stated above, you honestly don't have anything to worry about.

Finding and running malware that can bypass UAC, sandbox and virtual machines would be like closing your eyes, shooting a gun and hitting someone with the shot while you are standing on Mars, by yourself........

If you are so worried about the issue, then the fix is easy: don't mess with malware........
I might be killed; a rock from outer space could crash and hit my car,,,
It could happen, but the chance of it happening is so low,,, I won't worry about it.
 
Deleted member 178

MrXidus said:
I've run VMware inside of Sandboxie inside of Shadow Defender inside of Rollback RX on an old second PC that was on a separate network. Yet I still managed to spread a very nasty worm through my home network's modem and infected all 4 PCs in my household, as well as my whole street and local exchange.

Since then I stay well clear of testing any malware as no environment is secure enough.

/sarc :p

MrXidus was joking ^^

I run this config (but VirtualBox outside :D) PLUS my 3 security suites :p and nothing (yet) has bypassed them.

But I'm sure with just Sandboxie or Shadow Defender it will already be hard to get infected.
 

Littlebits

Retired Staff
May 3, 2011
3,893
These types of malware are so extremely rare and have to be manually downloaded and manually executed in order to infect a system. So basic users shouldn't worry about them.

But if you are into testing malware, I recommend using a separate system dedicated for testing only. It is the only 100% sure way that they can't cause any damage to a system. If your test system gets infected, then simply re-install Windows and the problem is solved.

Never use your main system to test malware; no matter how good you think you are at testing, errors can happen and wipe out your main system.

Thanks.:D
 

madyrocksin

New Member
Thread author
Jul 30, 2012
510
InternetChicken said:
I am assuming that there is some virus like that, and want to know: can HIPS actually safeguard you against that?

Then the answer would be no.
As MrXidus stated above, you honestly don't have anything to worry about.

Finding and running malware that can bypass UAC, sandbox and virtual machines would be like closing your eyes, shooting a gun and hitting someone with the shot while you are standing on Mars, by yourself........

If you are so worried about the issue, then the fix is easy: don't mess with malware........
I might be killed; a rock from outer space could crash and hit my car,,,
It could happen, but the chance of it happening is so low,,, I won't worry about it.

I am worried, but not that worried that I will give up malware testing. I wanted to know if there is something to prevent it; as these kinds of malware are still rare, I can be much more relaxed now when I test them :)
 

madyrocksin

New Member
Thread author
Jul 30, 2012
510
Umbra Corp. said:
MrXidus said:
I've run VMware inside of Sandboxie inside of Shadow Defender inside of Rollback RX on an old second PC that was on a separate network. Yet I still managed to spread a very nasty worm through my home network's modem and infected all 4 PCs in my household, as well as my whole street and local exchange.

Since then I stay well clear of testing any malware as no environment is secure enough.

/sarc :p

MrXidus was joking ^^

I run this config (but VirtualBox outside :D) PLUS my 3 security suites :p and nothing (yet) has bypassed them.

But I'm sure with just Sandboxie or Shadow Defender it will already be hard to get infected.

You have to be really very sure of your configuration to try them outside a VM :D
 

madyrocksin

New Member
Thread author
Jul 30, 2012
510
Littlebits said:
These types of malware are so extremely rare and have to be manually downloaded and manually executed in order to infect a system. So basic users shouldn't worry about them.

But if you are into testing malware, I recommend using a separate system dedicated for testing only. It is the only 100% sure way that they can't cause any damage to a system. If your test system gets infected, then simply re-install Windows and the problem is solved.

Never use your main system to test malware; no matter how good you think you are at testing, errors can happen and wipe out your main system.

Thanks.:D

Since they are still rare, I don't wanna go the hard way :) Thanks for the reply!
 
