January 02, 2013 - 12:00
Threat researchers will share how they were able to generate 100 MB of detailed malware behavioral data on Flame in less than 5 minutes using GFI SandBox
GFI® Software will host a webinar Tuesday to demonstrate how properly deployed sandbox technology would have assisted enterprise cyber-security professionals in defending their networks from Flame, the recently discovered malware also known as Flamer, sKyWIper and Skywiper. The free webinar, Analyzing Flame, is intended for enterprise cyber-security professionals and takes place June 19 at 2 p.m. ET.
Using GFI SandBox™—one of the industry’s leading malware analysis solutions—the GFI Software Flame Taskforce has identified malware behavior exhibited by Flame not yet reported by other security vendors or malware researchers. In less than 5 minutes, GFI Software was able to use GFI SandBox to generate more than 100 MB of data, which would provide GFI SandBox users with a rich and detailed analysis of exactly how Flame executes within an infected network.
“We will demonstrate how GFI SandBox customers would have been able to identify the malicious behavior of Flame, which ideally illustrates how sandbox technology enables enterprises to detect undiscovered, highly sophisticated malware threats that evade traditional antivirus detection,” said Julian Waits, vice president of GFI Software’s Advanced Technology Group. “Armed with this information, enterprise cyber-security professionals know with certainty if their networks are being targeted or have already been compromised, enabling them to begin isolating and remediating the threat using all the security solutions at their disposal.”
The webinar will focus on several key malware behavior traits that would have alerted GFI SandBox users that Flame was malicious, providing them with invaluable intelligence to immediately combat this threat and mitigate any damage it could cause. The team will discuss:
- Processes monitored during analysis
- The order in which Flame creates files
- How Flame evades detection
- Flame’s unique registry activity
- How Flame drivers are installed
- Additional insight into Mutex activity already reported
- How Flame hijacks and controls Microsoft® Internet Explorer®
- The network traffic generated by Flame
To learn how GFI SandBox can help enterprises defend themselves from advanced malware threats like Flame, register for the Analyzing Flame webinar at https://www1.gotomeeting.com/register/489720057.
To learn more about GFI SandBox, visit gfi.com, send email to ATG@gfi.com or call 855-443-4284.
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized businesses (SMB) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold ISV Partner.
Disclaimer: All product and company names herein may be trademarks of their respective owners. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice.