Author Topic: Sandbox compromised on Windows XP  (Read 4489 times)

Offline abe96

  • Newbie
  • *
  • Posts: 13
Sandbox compromised on Windows XP
« on: May 16, 2017, 02:47:20 PM »
Short story: WannaCry is able to encrypt my files in the sandbox.
I think it only happens in Windows XP. I even tested it on a real system and got the same result.
I also tested old versions of CCAV; the malware can't seem to get through them. (The problem starts from ver 1.9, I guess.)

Malware info.
SHA1 480053030da18b67355eb1ad499825a4a5e50d8d
https://www.virustotal.com/en/file/e4aa8cfc4cd8b791eaa38dbe6fd7e11bcaaafab680bd2ed7c87e38063623e941/analysis/

note: attachment is the video, not malware

[attachment deleted by admin]

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Sandbox compromised on Windows XP
« Reply #1 on: May 16, 2017, 03:05:48 PM »
Thanks for sharing,
The team is going to check it out and we will get back to you.

Thanks
-umesh
We can't stop malware entering the user's PC, but we render it useless when it enters the PC: Welcome to Comodo's Default Deny innovation

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1123
Re: Sandbox compromised on Windows XP
« Reply #2 on: May 16, 2017, 04:09:20 PM »
What makes you think it's related to XP only?

Offline abe96

  • Newbie
  • *
  • Posts: 13
Re: Sandbox compromised on Windows XP
« Reply #3 on: May 16, 2017, 04:18:06 PM »
Because I've run the same test on Windows 8.1 64-bit in VirtualBox, and it seems okay.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1123
Re: Sandbox compromised on Windows XP
« Reply #4 on: May 16, 2017, 04:31:24 PM »
Ok that's reassuring :)
Did your XP get the latest patch Microsoft pushed out just to fight WannaCry?
http://news.softpedia.com/news/microsoft-releases-emergency-windows-xp-update-to-block-wannacry-ransomware-515689.shtml

Offline abe96

  • Newbie
  • *
  • Posts: 13
Re: Sandbox compromised on Windows XP
« Reply #5 on: May 16, 2017, 04:45:12 PM »
Nope, I don't think they're relevant.

Offline Yousername

  • Comodo's Hero
  • *****
  • Posts: 236
Re: Sandbox compromised on Windows XP
« Reply #6 on: May 16, 2017, 04:47:31 PM »
Yes, it is totally irrelevant; the fix only stops the exploit which is used to disseminate the malware. Without it, WannaCry is just another regular piece of ransomware.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1123
Re: Sandbox compromised on Windows XP
« Reply #7 on: May 18, 2017, 11:09:38 AM »
Hi umesh,
any news about this issue?
Thanks

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Sandbox compromised on Windows XP
« Reply #8 on: May 18, 2017, 11:14:52 AM »
Hi,
Yes, only in CCAV with XP system, a sandbox bug.
No issue with any other OS.

Btw on same XP system, CIS protects fine.

So just in XP system with CCAV.
We have a release coming soon, that will have a fix.

Thanks
-umesh


Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1123
Re: Sandbox compromised on Windows XP
« Reply #9 on: May 18, 2017, 11:31:00 AM »
OK, thanks, this is even more reassuring than before :)

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Sandbox compromised on Windows XP
« Reply #10 on: May 19, 2017, 06:38:44 AM »
Hi All,
Please try the following fix before we make the public release:
https://forums.comodo.com/beta-corner-ccav/ccav-v111418040510-hotfix-rc-t119514.0.html

Thanks
-umesh

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Sandbox compromised on Windows XP
« Reply #11 on: May 19, 2017, 05:17:47 PM »
Hi,
v510 of CCAV has been released to fix this bug:
https://forums.comodo.com/news-announcements-feedback-ccav/comodo-cloud-antivirus-v111418040510-hotfix-released-t119521.0.html

Thanks abe96
Very much appreciated

Thanks
-umesh

 
