Penetration Testing mailing list archives
Re: [PEN-TEST] Suspect .EXE Trojan
From: Dom De Vitto <dom () DEVITTO COM>
Date: Thu, 14 Dec 2000 23:08:35 -0000
Maybe, maybe not. Surfinshield is great for sandboxing, but it's a little poor on the reporting side. I do however recommend it, simply because it'll save you from bad stuff from https sites, which other products don't.

(Quite how I'm going to roll out the new corp. version, I dunno yet)

Dom

| -----Original Message-----
| From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of WernerC
| Sent: 14 December 2000 20:37
| To: PEN-TEST () SECURITYFOCUS COM
| Subject: Re: [PEN-TEST] Suspect .EXE Trojan
|
| There's a commercial product by finjan called SurfinShield that purports to
| create a "sandbox" to isolate unknown malicious code. Here's a blurb from
| the product description:
|
| "Behavior Monitoring of active content in real-time in SurfinShield's
| sandbox including Executables, ActiveX controls, Java applets, Scrap files
| (.shs), and all Windows scripting host files (e.g., .VBS, .JS, .WSH, etc.)"
|
| The website (finjan.com) doesn't have pricing, but there is an option to
| download an evaluation copy. Don't know if it will help you or not.
|
| --Carol Werner
|
| -----Original Message-----
| From: Ruso, Anthony [mailto:aruso () POSITRON QC CA]
| Sent: Thursday, December 14, 2000 1:59 PM
| To: PEN-TEST () SECURITYFOCUS COM
| Subject: [PEN-TEST] Suspect .EXE Trojan
|
| Hi,
|
| I have a suspect executable that I think may be a Trojan. A search on the
| .exe doesn't return any result with any virus vendor. Are there any tools
| that would allow me to execute the file in isolation and actually see what's
| going on? The file was already executed on two workstations and it killed
| Outlook in both cases. I know I can use tripwire and similar products to see
| what files it makes changes to but I don't want to risk killing Outlook
| again.
|
| Thanks
|
| Anthony Ruso