Password leak inside sandbox

xZero
Posts: 1
Joined: Wed Jan 16, 2013 11:22 pm

Post by xZero » Wed Jan 16, 2013 11:38 pm

I downloaded some possible malware and executed it inside the sandbox. It's a messenger which a friend of mine sent to me.
And I saw a few creations inside the sandbox folder C:\Sandbox\xZero\DefaultBox\drive\F\Users\xZero\AppData\Local\Temp (my %TEMP% is on the F drive).
A few .exe files and two .ini files, and can you guess what I found in the .ini files? A complete dump of all my passwords from Microsoft Outlook and, worst of all, a complete dump of my Google Chrome saved passwords.

Files inside sandbox folder:
server.exe
messenger.exe
cvtres.exe
OKrXe.exe
crrA5mXBD4.ini
cKh4lhUDvZ.ini


Now I'm scared. Is it possible that the program bypassed the sandbox? Is it possible that this malware sent my passwords to the "hacker" (lamer) even though it was executed under Sandboxie?

Please note: I am using the newest version of Sandboxie on Windows 7 Ultimate 64-bit.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm

Post by Buster » Thu Jan 17, 2013 2:15 am

Sandboxie is software used to prevent applications from writing to the real disk. Sandboxie is not a firewall, but you can configure it to allow/deny applications from connecting to the internet.

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Fri Jan 18, 2013 7:23 am

It's also possible to "hide" folders that contain sensitive information, so that a sandboxed program will think that the folder is empty.
For example, most of my sandboxes use a setting:
WriteFilePath=%Personal%\
Any sandboxed program using those sandboxes will not be able to read any files from that folder. It will appear to be empty.

Sandbox Settings > Resource Access > File Access > Write-Only Access
(The list below applies to all programs)
"Add" button: (My Documents folder)

These are sandboxes that are used by programs that have no need to read anything from that folder.

Caution: only folders should be specified in this setting.
Even though it allows you to pick individual files, it's my understanding that only entire folders are supported.

The specified folder can still be used as a Recover Folder in Sandbox Settings, so files can still be saved to that folder and then recovered with Quick Recovery.
The trick in using this setting is determining which folders to use for each sandbox.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
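
An added example, not part of any post in this thread: a Python check of a Sandboxie.ini for the two protections mentioned above, folders hidden with WriteFilePath (or ClosedFilePath) and internet access blocked for all programs. The sample configuration, the box name UntrustedBox, the Chrome profile path, and the ClosedFilePath=InternetAccessDevices form of the internet restriction are assumptions, not taken from the thread.

```python
import re

# Constructed sample Sandboxie.ini (assumption, not from the thread).
SAMPLE_INI = r"""
[GlobalSettings]

[DefaultBox]
Enabled=y

[UntrustedBox]
Enabled=y
WriteFilePath=%Personal%\
WriteFilePath=%Local AppData%\Google\Chrome\User Data\
ClosedFilePath=InternetAccessDevices
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]} keeping repeated keys.
    Sandboxie.ini repeats keys such as WriteFilePath; configparser keeps
    only one value per key, so it would silently drop entries."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def norm(path):
    return path.strip().rstrip("\\").lower()

def audit(text, sensitive):
    """Per sandbox: sensitive folders still readable, and whether internet
    access is blocked for all programs. Variables such as %Personal% are
    compared as text, not expanded. A value with a "program.exe," prefix
    applies to some programs only and is deliberately not counted."""
    report = {}
    for name, items in parse_ini(text).items():
        if name.lower() == "globalsettings" or name.lower().startswith(("usersettings", "template_")):
            continue
        hidden = {norm(v) for k, v in items
                  if k in ("writefilepath", "closedfilepath") and "," not in v}
        def is_hidden(p):
            return any(norm(p) == h or norm(p).startswith(h + "\\") for h in hidden)
        report[name] = {
            "readable": [p for p in sensitive if not is_hidden(p)],
            "internet_blocked": "internetaccessdevices" in hidden,
        }
    return report
```

Calling audit(SAMPLE_INI, [...]) with the folders you consider sensitive lists, per sandbox, which of them a sandboxed program could still read and whether the box can reach the network.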
