Malware Kills Internet Connection When Sandboxed As Partially Limited [V7][M820]

Hi all

1. A virus can deprive Internet service in Comodo 7 beta

  1. Product version: COMODO Internet Security 7.0.308911.4080 BETA
  3. Operating System: xp3 (x32) running in VirtualBox 4.3.2
  4. Configuration: Default IS configuration
  5. Clean install.
  6. None
  2. This video shows it: http://www.gulfup.com/?B0n32W
    HIPS failed to deal with the *.bat files :frowning:

Watch this video:
http://www.gulfup.com/?KpVlQu

I could not view the video. Was the HIPS turned on and not the auto-sandbox? Also, was the Viruscope on?

What exactly is the file doing? I can see the end result, that the internet no longer works, but how exactly does the .bat file accomplish this?

Thanks.

Is CIS now completely compatible with VirtualBox?

Previously I have read CIS was not fully compatible with VB.

Good point. sd ahmad, could you please try this either on a real system or in VMWare?

Thanks.

I have tested version 6 on the real system; the internet no longer works :frowning:

Please test it against V7 and see what happens.

Thanks.

Your opening post mentions Default IS Config.
HIPS is by default disabled in default IS config. But Autosandbox is there to protect from unknown malware.

Are you running a malware sample & the system is getting infected & internet connection doesn’t work?

If so, please provide me the sample, I will test & post the results here.

The sample was made by my friend; I must get permission from my friend

Maybe tomorrow

That’s great to hear. Once you have access to the sample please send a download link to me as well.

Thanks.

ok

It has been re-tested in VMWare
http://www.gulfup.com/?B0n32W

Did you get the same result? I could not watch the video. Thank you.

Contact with the Internet has been disabled by the Patch

Thank you for confirming that this also happens in VMWare. Could you please retest it and see if different levels of the Behavioral Blocker are able to effectively block this?

Thanks.

sandbox limited

http://www.gulfup.com/?FIoOkQ

Thank you for testing this. So from what I can see the only level of the Behavioral Blocker which is vulnerable to this is Partially Limited. Therefore, this is technically not a bug. However, I can see this as a possible wish as to how even the default should protect the internet connection from being entirely severed.

Before I can do this can you please share a brief summary of what this malware is doing in order to kill the internet connection?

Thanks.

The virus is based on destroying the system and deleting all user files, but it could not destroy the system; it only disabled contact with the Internet

So are you saying that it accomplishes this by deleting system files? If so, do you know which files are deleted and where they are located?

Thank you.

I do not know :-[