Numerous antivirus researchers use Cuckoo Sandbox to analyse computer malware – experts recommend immediate program update.
Experts at G DATA SecurityLabs have discovered a critical security hole in malware analysis tool Cuckoo Sandbox. Numerous antivirus researchers use the software to analyse computer malware. Malware programmers would be able to use this vulnerability to access the scientists' systems. G DATA reacted immediately and reported the hole to the developers at Cuckoo Sandbox. In less than three hours, a patch had been produced and delivered. G DATA security experts recommend that all users of Cuckoo Sandbox update the program immediately.
Ralf Benzmüller, head of G DATA SecurityLabs, rates the security hole in Cuckoo Sandbox as extremely critical, as it could enable computer malware to break out of the secure analysis environment. "Cuckoo Sandbox is used by numerous AV researchers across the world. The bug we discovered can lead to malware breaking out of the protected analysis environment. In the worst case, infection of the host computer would even be possible," says Benzmüller. "We immediately informed the developers and are advising IT security researchers who use the tool to immediately install the program update that has been available since Wednesday."
What is Cuckoo Sandbox?
Cuckoo Sandbox is an open source program for automated malware analysis. Because the software is freely available, it is very popular with independent security researchers and small companies alike. The tool analyses the behaviour of computer malware when it infects Windows computers. It does so by placing the malware in a "sandbox" – an isolated system. Cuckoo then examines the behaviour of the malware and documents the results in reports and screenshots. From this information, researchers can determine what damage the malware would do to an infected system.
G DATA security experts have compiled detailed information in the SecurityBlog.