 |
|
bs1
| Joined: 16 May 2008 |
| Posts: 527 |
|
|
|
 Posted: Thu Jun 26, 2008 4:13 pm |
|
 |
 |
|
|
| SnDPhoenix wrote: |
I've said it before and I'll say it again; Provide proof or your statement is null. 
(Aimed at the guy in the wilders thread btw, who supposedly found "a malware" that can bypass Sandboxie.) |
I agree. Sidenote: The orignal subject of Wilders' thread, i.e. cs.exe malware, appears to have been tested in Sandboxie without any ill-effects per Oneder's post in this thread. |
|
|
|
SnDPhoenix
| Joined: 26 Dec 2006 |
| Posts: 2694 |
| Location: West Florida |
|
|
| Posted: Thu Jun 26, 2008 4:33 pm |
|
|
|
|
|
Yeah, as we all figured, he was just trying to spread crap about Sandboxie.
Just another day...  |
|
|
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2184 |
|
|
|
| Posted: Thu Jun 26, 2008 5:25 pm |
|
|
|
|
|
I believe in the theory of commercial interests moving certain people to post false information in forums.
|
|
|
|
MitchE323
| Joined: 02 Nov 2006 |
| Posts: 2268 |
|
|
|
| Posted: Thu Jun 26, 2008 5:27 pm |
|
|
|
|
|
No Buster, if it were commercial interests that would at least make a small element of sense. These are just wannabes......
|
|
|
 |
 | |  |
|
| | |
|
Oneder
| Joined: 30 Aug 2005 |
| Posts: 364 |
| Location: Perth,West Oz |
|
|
| Posted: Tue Jul 29, 2008 1:46 am |
|
|
|
|
|
Haven't tried to run the below sandboxed as yet and I don't understand how such a small zip can contain that amount of data, unless it's a joke.
Someone may want to play around with it.
It does get flagged over at Virus Total.
http://www.virustotal.com/analisis/fe25f9898cf1b11f209aea7012671126
| Quote: |
Click here to download 42.zip(42.374 bytes zipped)
The file contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped, which again contains 16 zipped files, which contain 1 file, with the size of 4.3GB.
So, if you extract all files, you will most likely run out of space
16 x 4294967295 = 68.719.476.720 (68GB)
16 x 68719476720 = 1.099.511.627.520 (1TB)
16 x 1099511627520 = 17.592.186.040.320 (17TB)
16 x 17592186040320 = 281.474.976.645.120 (281TB)
16 x 281474976645120 = 4.503.599.626.321.920 (4,5PB)
|
|
|
|
|
| | |
|
SnDPhoenix
| Joined: 26 Dec 2006 |
| Posts: 2694 |
| Location: West Florida |
|
|
| Posted: Tue Jul 29, 2008 2:09 am |
|
|
|
|
|
| Oneder wrote: |
Haven't tried to run the below sandboxed as yet and I don't understand how such a small zip can contain that amount of data, unless it's a joke.
Someone may want to play around with it.
It does get flagged over at Virus Total.
http://www.virustotal.com/analisis/fe25f9898cf1b11f209aea7012671126
| Quote: |
Click here to download 42.zip(42.374 bytes zipped)
The file contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped, which again contains 16 zipped files, which contain 1 file, with the size of 4.3GB.
So, if you extract all files, you will most likely run out of space
16 x 4294967295 = 68.719.476.720 (68GB)
16 x 68719476720 = 1.099.511.627.520 (1TB)
16 x 1099511627520 = 17.592.186.040.320 (17TB)
16 x 17592186040320 = 281.474.976.645.120 (281TB)
16 x 281474976645120 = 4.503.599.626.321.920 (4,5PB)
|
hxxp://www.unforgettable.dk/ |
What the hell?
So if you could extract this entire archive, every last zip file, it would take up 4.5 Petabytes?
All in a 42 Kb zip? 
Even I am shocked right now...
Only thing I can think is that the "o.dll" although 4Gb in size, is really just nothing but straight zeros!
Then the fact that there is a 4Gb dll file (only zeros though) inside of EACH archive, it all adds up to I guess, 4.5PB?
If I had enough space I'd try it out haha. |
|
|
|
| | |
|
Peter2150
| Joined: 28 Mar 2007 |
| Posts: 445 |
| Location: Washington DC |
|
|
| Posted: Tue Jul 29, 2008 4:06 am |
|
|
|
|
|
Actually three. I just didn't bother posting.
|
|
|
|
street011
| Joined: 16 Jan 2007 |
| Posts: 410 |
|
|
|
| Posted: Tue Jul 29, 2008 7:01 am |
|
|
|
|
|
i can't see how this is a challenge to sandboxie? it does nothing... its just a compressed file with high compression ratio you are going to extract, sure, your sandbox will grow and run out of diskspace.
no challenge, but fun to see  |
|
|
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2184 |
|
|
|
| Posted: Tue Jul 29, 2008 7:42 am |
|
|
|
|
|
That kind of malwares are known as archive bombs and they existed already in MS-DOS times.
|
|
|
|
PiCo
| Joined: 09 Jun 2008 |
| Posts: 63 |
|
|
|
| Posted: Fri Aug 01, 2008 2:15 pm |
|
|
|
|
|
| Buster wrote: |
| That kind of malwares are known as archive bombs and they existed already in MS-DOS times. |
What happens if you extract it as it says?
edit://The fact that also 23 out of 35 scanners are able to scan -not to detect- the file is also strange! Does this mean they fail to scan it?
AVs usually extract the content in a temp folder and scan it, so they might burst or sth!! |
|
|
|
| | |
|
Buster
| Joined: 06 Aug 2007 |
| Posts: 2184 |
|
|
|
| Posted: Fri Aug 01, 2008 3:02 pm |
|
|
|
|
|
| PiCo wrote: |
| Buster wrote: |
| That kind of malwares are known as archive bombs and they existed already in MS-DOS times. |
edit://The fact that also 23 out of 35 scanners are able to scan -not to detect- the file is also strange! Does this mean they fail to scan it?
AVs usually extract the content in a temp folder and scan it, so they might burst or sth!! |
Several approachs can be used by avs to avoid this kind of problematic archives, like having a limit to the extracted files/folders, or having hard-coded the hashes of those archives and skipping their scanning if they are found. |
|
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 6 of 11
 Use the RSS feed to watch this topic for replies
|
|
|
|
| |
