Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

04:13 PM
Dark Reading
Dark Reading
Products and Releases

Sunbelt Software Unveils Updated Security Services

Upcoming CWSandbox enhancements allow security providers to automate bulk malware analysis; Exploit Feed adds to Threat Track portfolio

LAS VEGAS, July 29 /PRNewswire/ -- Black Hat 2009 -- Sunbelt Software, a leading provider of Windows security software, today announced the upcoming availability of the next version of the industry's premier automated malware analysis tool, CWSandbox(TM). Sunbelt also announced the availability of its Exploit Feed, a new component to its Threat Track(TM) data service which provides customers with the industry's most accurate and up-to-date feeds, identifying and propagating to researchers the latest malicious URLs and malware. Both offerings rely on the world-class research efforts of SunbeltLabs(TM), the malware research and analysis division of Sunbelt Software.

CWSandbox is an automated behavior analysis tool that leverages unique technology for the automatic detection of malware. The forthcoming release of CWSandbox v3.0 will give researchers the ability to compare multiple analyses for differences and similarities, and allow them to send malware samples to multiple sandbox configurations and centrally manage the process. Unlike other malware analysis tools on the market today, CWSandbox provides true automation and gives those on the front lines of cyber-defense the ability to analyze in bulk and save crucial time.

Security researchers will have the ability to compare simultaneously how malware operates in a variety of environments. By leveraging this sophisticated analysis, enterprises can put security best practices in place to account for how malware behaves differently on varied desktop configurations within their networks and proactively protect against targeted threats.

"Sunbelt has a long history of marrying its endpoint anti-malware tools with state-of-the-art threat research," said Chad Loeven, VP, business development for Sunbelt Software. "Cooperation and sharing of such research in the security community is essential for the timely protection of businesses, federal agencies and consumers against the rising tide of malware attacks. SunbeltLabs is continually improving its world-class research methods in order to lead the effort to keep the bad guys out."

To that end, Sunbelt introduces a new Exploit Feed, which is one of the vital data streams maintained by SunbeltLabs, and is now part of the Threat Track service. The Exploit Feed tracks URLs deemed to be malicious based on a set of behavior and code traits, and is updated continuously, identifying links to exploits before users can become infected. The URLs are passed through an array of "honeyclients" configured to detect any malicious activity.

Data captured by the Exploit Feed include files dropped by the URL, other URLs involved in the exploit process, code containing the actual exploit, and an XML behavior analysis report of the browser and all related malware processes. The Exploit Feed, in conjunction with the other feed components of Threat Track, is heterogeneous in nature and can be incorporated into cloud, gateway and desktop Web security solutions.

Sunbelt's CWSandbox and Exploit Feed will be on display today and tomorrow in Booth #1 at Black Hat USA 2009 in Caesar's Palace, Las Vegas, Nevada. For more information on CWSandbox or Threat Track, please visit www.sunbeltsandbox.com.


Headquartered in Tampa Bay (Clearwater), Fla., Sunbelt Software was founded in 1994 and is a leading provider of Windows security software including enterprise antivirus, antispyware, email security, and malware analysis tools. Leading products include the VIPRE(R) and CounterSpy(R) product lines, Ninja(TM) Email Security, Sunbelt Exchange Archiver(TM), CWSandbox(TM), and Threat Track(TM).

For more information about Sunbelt Software, please visit the company's website at http://www.sunbeltsoftware.com. To learn more about current activities, products, and ideas at Sunbelt Software, please visit Sunbelt's corporate blog at http://www.sunbeltblog.com. To view this release online, go to http://www.sunbeltsoftware.com/Press/Releases/?id=294.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-14
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
PUBLISHED: 2019-11-14
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.
PUBLISHED: 2019-11-14
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
PUBLISHED: 2019-11-14
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
PUBLISHED: 2019-11-14
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent withi...