22. July 2009 18:11
As you probably know, security companies use sandboxes to analyze viruses. You might be familiar with some of those sandboxes, like CWSandbox, Anubis, etc.

Those analysis tools run the virus on a virtual host for a limited time, and then report to the user about the virus's activities.
Recently, I analyzed an interesting virus. Besides stealing sensitive data from the user, it also connects every few minutes to an FTP account and uploads 2 files.

I took a closer look at the uploaded files, and surprisingly found this FTP full of screenshots. Let’s take a look at one screenshot.

This picture was taken from the FTP and it belongs to one of the infected machines.
I think you will all agree with me - stealing personal data is bad enough, but tracking each and every move we make?! No… That’s really too much!
Of course, on this FTP I also found a screenshot of my sandbox’s desktop:

Other sandboxes didn’t get away with it either… you probably recognized CWSandbox here:

Like facing mirrors, we were watching them watching us watching them...
Posted by Daniel Chechik