Sandbox II: Internet

Kurt Natvig Norman ASA

Last year I presented how a simulated computer, which is integrated inside the scanner engine, can detect viruses based on actual performance. I demonstrated regular file replication for regular Win32 PE infectors. However, regular file replicating viruses do not pose the biggest threat - worms and viruses spreading through the Internet do. I will demonstrate how detection of these critters can be applied to the simulated computer, how these simulated computers can `network' inside a single scanner engine, opening shares and communicate with a simulated SMTP server, how we deal with run-time libraries, e.g. Visual Basic DLLs, what is possible to simulate and what is not.

del.icio.us

digg this

VB Conferences


	VB2013 (Berlin) VB2012 (Dallas) VB2011 (Barcelona) VB2010 (Vancouver) VB2009 (Geneva) VB2008 (Ottawa) VB2007 (Vienna) VB2006 (Montréal) VB2005 (Dublin) VB2004 (Chicago) VB2003 (Toronto) VB2002 (New Orleans) Photos Programme VB2001 (Prague) VB2000 (Orlando) VB99 (Vancouver) VB98 (Munich) VB97 (San Francisco) VB96 (Brighton) VB95 (Boston) VB94 (Jersey) VB93 (Amsterdam) VB92 (Edinburgh) VB91 (Jersey) ‘Very useful and enjoyable, with unparalleled networking.’

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

VB2012


	VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,240 registered users.

Fighting malware and spam

Sandbox II: Internet

VB2013 (Berlin)

VB2012 (Dallas)

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)