Quick Heal identifies new malware which can breach Advanced Threat Protection sandboxes

by Ashwin, August 31, 2015

Quick Heal, a well-known Indian antivirus and security firm, has identified a new form of malware.

The newly spotted sample is a dangerous one.

The malware has reportedly been designed to get past sandboxed appliances, that is, network gateways protected by Advanced Threat Protection (ATP) sandboxes.

Yes, malware can actually get past a sandbox. An ATP sandbox opens suspicious content in an isolated virtual environment and watches what it does, so that nothing malicious reaches the user's inbox. All incoming email passes through the appliance, which detonates attachments and links to detect malicious behaviour and stop zero-day attacks that signature-based scanning would miss. "Breaching" the sandbox here does not mean breaking out of the virtual machine: it means the sample recognises that it is being analysed and behaves harmlessly until it reaches a real machine, so the behavioural verdict comes back clean.

These appliances have become a necessity because of the rise in hacking and malicious attacks, the most prominent of which is spear phishing. A spear-phishing attack usually arrives as an email crafted to look as if it came from an official sender the recipient knows. When the unwary user whose inbox it lands in clicks a malicious URL in the message, or replies with the data it requests, the attack begins; from that foothold the network is compromised and data or identities are stolen.

This is why Advanced Threat Protection sandboxes are used to protect both users and the gateway a company runs. Quick Heal Technologies Lab reports that it has found malware able to get past such systems. Quick Heal explains that most malware is built only to slip past antivirus software and firewalls; now that sandboxes have been added as the layer that catches what those miss, attackers have begun building malware that targets the sandboxed appliance itself.

Because sandboxed appliances were not expected to be targeted this way, the samples get past them unnoticed. These are not ordinary malware by any means: the samples tested by the Lab are highly advanced. They are reportedly capable of infecting a protected network by using tricks to fool the checks performed in virtual machines and sandboxes; the usual approach in this class of malware is to detect the analysis environment and stay dormant while inside it. Quick Heal has named the malware APT-QH-4AG15, a codename whose prefix presumably stands for Advanced Threat Protection and Quick Heal, with the remaining characters likely an internal reference.
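To make the evasion described in the two paragraphs above concrete, here is an added example, written for this article and not Quick Heal's code or the actual logic of the APT-QH-4AG15 sample, of the kind of environment fingerprinting that sandbox-aware malware performs before deciding whether to run its payload. The `HostProfile` type, the thresholds, the `ANALYSIS_PROCESSES` list and the two profiles are constructed for illustration; the hypervisor MAC prefixes and the CPUID `hypervisor` flag are real artifacts that virtual machines expose by default.

```python
"""Generic sandbox/VM fingerprinting heuristics of the kind evasive malware
uses to decide whether it is being analysed.  Illustrative code written for
this article; it is NOT Quick Heal's code and does not reproduce the actual
logic of APT-QH-4AG15.  Thresholds, process list and profiles are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List

# OUI prefixes (first three octets) registered to hypervisor vendors.  A
# default virtual NIC carries one of these unless the operator changes it.
HYPERVISOR_MAC_PREFIXES: Dict[str, str] = {
    "00:05:69": "VMware", "00:0c:29": "VMware",
    "00:1c:14": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox",
    "00:15:5d": "Hyper-V",
    "52:54:00": "QEMU/KVM",
}

# Guest-agent and analysis-tool process names (assumed list for the example).
ANALYSIS_PROCESSES = {
    "vboxservice.exe", "vboxtray.exe", "vmtoolsd.exe", "vmwaretray.exe",
    "procmon.exe", "wireshark.exe", "x64dbg.exe", "ollydbg.exe",
}


@dataclass
class HostProfile:
    """Snapshot of the facts a sample can cheaply collect about its host.
    (Constructed for the example; real malware reads these from the OS.)"""
    mac_addresses: List[str]
    cpu_count: int
    ram_gb: float
    uptime_seconds: int
    cpu_flags: List[str]          # e.g. the flags line of /proc/cpuinfo
    running_processes: List[str]
    recent_documents: int         # entries in the user's recent-files list


def sandbox_indicators(p: HostProfile) -> List[str]:
    """Return the artifacts suggesting an analysis VM rather than a user's
    workstation.  Each check is cheap and needs no privileges."""
    hits: List[str] = []
    for mac in p.mac_addresses:
        vendor = HYPERVISOR_MAC_PREFIXES.get(mac.lower()[:8])
        if vendor:
            hits.append(f"mac-oui:{vendor}")
    if p.cpu_count < 2:                 # analysis VMs are often given one vCPU
        hits.append("low-cpu-count")
    if p.ram_gb < 2:                    # ... and little memory
        hits.append("low-ram")
    if p.uptime_seconds < 600:          # a VM reverted from snapshot has just booted
        hits.append("short-uptime")
    if "hypervisor" in p.cpu_flags:     # CPUID leaf 1, ECX bit 31, set by most hypervisors
        hits.append("cpuid-hypervisor-flag")
    for proc in p.running_processes:
        if proc.lower() in ANALYSIS_PROCESSES:
            hits.append(f"analysis-process:{proc.lower()}")
    if p.recent_documents < 5:          # a real user leaves a trail of opened files
        hits.append("no-user-history")
    return hits


def looks_like_sandbox(p: HostProfile, threshold: int = 2) -> bool:
    """Evasive code branches on this: True -> stay dormant or exit cleanly,
    False -> proceed.  The threshold keeps a single false positive (a
    bare-metal box with one core) from costing the attacker a victim."""
    return len(sandbox_indicators(p)) >= threshold


# Constructed profiles for demonstration (not captured from any real system).
SANDBOX_PROFILE = HostProfile(
    mac_addresses=["08:00:27:4f:12:9a"],
    cpu_count=1, ram_gb=1.0, uptime_seconds=120,
    cpu_flags=["fpu", "sse2", "hypervisor"],
    running_processes=["explorer.exe", "VBoxService.exe"],
    recent_documents=0,
)
WORKSTATION_PROFILE = HostProfile(
    mac_addresses=["3c:52:82:aa:bb:cc"],
    cpu_count=8, ram_gb=16.0, uptime_seconds=3 * 86400,
    cpu_flags=["fpu", "sse2", "avx2"],
    running_processes=["explorer.exe", "outlook.exe", "chrome.exe"],
    recent_documents=42,
)

if __name__ == "__main__":
    for name, profile in (("sandbox", SANDBOX_PROFILE), ("workstation", WORKSTATION_PROFILE)):
        print(name, looks_like_sandbox(profile), sandbox_indicators(profile))
```

Read it from the defender's side: every indicator the function checks is a knob the sandbox operator can turn. Giving the analysis VM a vendor-neutral MAC, several cores, realistic memory, a long uptime and a plausible user history, and hiding guest-agent processes, removes the cheap tells, so a sample has no easy way to distinguish the appliance from a real workstation and has to reveal its behaviour.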

Quick Heal says that stopping these attacks requires multi-layered security, and that a sandbox appliance on its own is ineffective against them; a layer that does not even detect the sample cannot block it.

Quick Heal has not yet released a report on this and is expected to do so soon. Ordinary users need not lose sleep over it, as this malware affects only businesses that use ATP sandboxes as a security layer for their networks. I came across the report on NDTV's website.