The Adventures of Anti-Virus and the Leaky Sandbox

Anti-virus vendors typically use sandboxes to isolate malware that is detected by their scanning engines. But what happens if the sandbox is leaky?

That's precisely the scenario that SafeBreach co-founder and CTO Itzik Kotler and Vice President of Security Research Amit Klein detailed in a session at the Black Hat USA conference last week.

The SafeBreach duo explained how they were able to create a malicious file to trick the anti-virus engine into running the code in a supposedly isolated sandbox. As it turns out, the sandbox was leaky and the researchers were able to get information out.

Kotler and Klein provided an overview of the method in a press conference at the event.

Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.