Security software maker Quick Heal has identified a new malware sample that is able to breach the ‘sandbox’ protection in computers of many small, medium, and large companies, a senior company official has said.
Detailed analysis of the malware sample – APT-QH-4AG15- revealed that it has been designed to infect highly protected networks. It also has several anti-sandbox tricks implemented within it, Quick Heal’s Chief Technology Officer
Sanjay Katkar said.
Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms and other malicious programs. It can take the form of executable code, scripts, active content, and other software.
“The early success of sandbox-based appliances can be attributed to the fact that malware variants were never designed with such protection mechanisms in mind. Instead, these samples were focused on breaching traditional anti-virus and firewall solutions. This enabled them to breach traditional security solutions with zero-day (quick) attacks very frequently,” Katkar said.
“But now that more enterprises are using these advanced threat protection sandbox-based appliances, new malware variants are being designed with an aim of penetrating this specific protection mechanism,” he said.
He said companies need to consider and implement multiple layers of protection to safeguard networks.
“FireEye and others believe that the current anti-virus solutions and endpoint protections (EPS) are useless. In reality, the current malwares have been designed keeping in mind only End Point Security (EPS) and their main challenge is to pass EPS security and that is how the malwares have been designed/tested and released,” he said.
With more organisations starting to use sandboxed appliance like FireEye or FortiSandbox, the newer malwares are being designed with these protection in mind, he said.
“Thus, new malware can easily bypass these security solutions and land up in user’s inbox and network,” Katkar added.