Winter Soldier

Level 25
WannaCry and ransomware in general, often have no particular interest in trying to escape the various sandbox, because their first objective is the maximum possible spread, and you consider: how many people use running files in the sandbox as a precautionary measure? I believe a few of them, out of MT users and other advanced users.
Malware authors are working on large numbers, one million of targeted users, means at least hundreds of thousands of victims.
Malcoders are not worried if someone prevents the infection, being aware of that.

As usual, knowledge makes the difference.
 

Atlas147

Level 30
Verified
Trusted
Content Creator
I think most sandboxes would stop wannacry from escaping into the actual files because that's what they do. Unless the exploit has something to do with sandboxes, this would also apply to all malware.

That being said, a better test should be if the sandbox would prevent the spread of the malware.
 

AtlBo

Level 27
Verified
Content Creator
Nice video.

You can sandbox all the MS Office 2007 apps (probably at least 10/13 too although I don't have them to try) with the 360 sandbox. MS Office runs good there. I'm not on a PC with Office now, but I think you can run with macros enabled, and they will work within the sandbox. Don't know about beyond that. I only have some macros in a file that move data from one tab to another in the file. Main thing is this would definitely stop VB dropper downloaders in Office macros. The downloaded .exe wouldn't run in the sandbox.
 
Last edited: