I downloaded some possible malware and executed it inside a sandbox. It's a messenger which a friend of mine sent to me.
And I saw a few files created inside the sandbox folder C:\Sandbox\xZero\DefaultBox\drive\F\Users\xZero\AppData\Local\Temp (my %TEMP% is on the F drive).
A few .exe files and two .ini files, and can you guess what I found in the .ini files? A complete dump of all my passwords from Microsoft Outlook and, worst of all, a complete dump of my Google Chrome saved passwords.
Files inside sandbox folder:
server.exe
messenger.exe
cvtres.exe
OKrXe.exe
crrA5mXBD4.ini
cKh4lhUDvZ.ini
Now I'm scared. Is it possible that the program bypassed the sandbox? Is it possible that this malware sent my passwords to the "hacker" (lamer) even though it was executed under Sandboxie?
Please note: I am using the newest version of Sandboxie on Windows 7 Ultimate 64-bit.
Password leak inside sandbox
It's also possible to "hide" folders that contain sensitive information, so that a sandboxed program will think that the folder is empty.
For example, most of my sandboxes use a setting:
WriteFilePath=%Personal%\
Any sandboxed program using those sandboxes will not be able to read any files from that folder. It will appear to be empty.
Sandbox Settings > Resource Access > File Access > Write-Only Access
(The list below applies to all programs)
"Add" button: (My Documents folder)
These are sandboxes that are used by programs that have no need to read anything from that folder.
Caution: only folders should be specified in this setting.
Even though it allows you to pick individual files, it's my understanding that only entire folders are supported.
The specified folder can still be used as a Recover Folder in Sandbox Settings, so files can still be saved to that folder and then recovered with Quick Recovery.
The trick in using this setting is determining which folders to use for each sandbox.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
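Added example, not part of the thread and not Sandboxie's own code: a Python check that reads Sandboxie.ini text and lists, for each sandbox, the sensitive folders that no all-programs WriteFilePath rule (the setting described above) hides. Assumptions: the sample configuration is constructed, the Chrome profile path and the ClosedFilePath rule are illustrative additions, and the function names are hypothetical.

```python
# Added example: report sandboxes that leave sensitive folders readable.
# Constructed sample configuration, not a real user's Sandboxie.ini.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
WriteFilePath=chrome.exe,%Personal%\

[Messengers]
Enabled=y
WriteFilePath=%Personal%\
ClosedFilePath=%Local AppData%\Google\Chrome\User Data\
"""

# Folders to keep unreadable. The Chrome profile path is an assumption.
SENSITIVE = [r"%Personal%", r"%Local AppData%\Google\Chrome\User Data"]
HIDING_KEYS = {"writefilepath", "closedfilepath"}

def norm(path):
    """Lower-case a path and drop trailing backslashes or wildcards."""
    return path.strip().rstrip("\\*").lower()

def parse(text):
    """Return {section: [(key, value), ...]}; keys may repeat in a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def hidden_folders(settings):
    """Folders hidden from ALL programs; 'program.exe,path' rules are skipped."""
    return [norm(v) for k, v in settings if k in HIDING_KEYS and "," not in v]

def audit(text, sensitive=SENSITIVE):
    """Map each sandbox to the sensitive folders it can still read."""
    sections = parse(text)
    global_rules = hidden_folders(sections.get("GlobalSettings", []))
    report = {}
    for name, settings in sections.items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue
        rules = global_rules + hidden_folders(settings)
        report[name] = [s for s in sensitive if not any(
            norm(s) == r or norm(s).startswith(r + "\\") for r in rules)]
    return report
```

In the sample, DefaultBox is reported for both folders because its only rule is limited to chrome.exe, while Messengers is reported for none.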