Norman SandBox Reporter

Key features

Norman SandBox Reporter provides you with comprehensive information of samples that have been analyzed by Norman’s malware labs during the past 24 hours. Information in this subscription includes SandBox summaries of the files' behavior and intent, a list of IRC networks found in the new malware, complete with login details as well as a list of URLs and files the malware tries to contact or download from the Internet. These files normally contain malicious code like viruses, trojans, and spyware. Having access to this information as soon as possible adds another layer of protection to the network.

A list of URLs that might contain malicious code. This list can be used in many ways, such as importing it to a URL blocklist filter to prevent any computer behind the filter to access these sites. ISPs can use the list to take down websites containing malicious code.
A list of IRC network servers that malware tries to connect to. The list includes server names, ports, username and password etc. These IRC networks are most likely botnets.
A SandBox summary of most of the files that have been analyzed in the same period. The summary contains more detailed information about the files behavior and intents.
The list is provided in both .txt and .xml format for easier management.

Downloads

Title	Comment	Usage
Try Norman SandBox Analyzer products	Online registration form	Form
Request live demo	Live demo of Norman SandBox analyzer products	Form
Norman Green Book on Analyzing Malware	Executive White Paper	Whitepaper
Norman Sandbox Reporter	English	Product sheet
The SANS Technology Institute - Interview About The Norman Malware Analyzer	Interview with Kurt Natvig and Righard J. Zwienenberg from Norman.

Detailed product information

Botnet attacks

Some of the most common actions performed by malware today are the creation of robots, botnets and malware connecting to servers on the Internet.

A botnet consists of thousands of sleeping robots installed in computers around the world. These robots are installed without the user’s knowledge and can be remotely controlled by computer crimi-nals in order to perform various illegal activities, such as Distributed Denial of Service attacks (DdoS), phishing attempts, spamming, keylogging etc.

The malware connects to servers on the Internet to either download more malicious files or to upload information taken from the computer where it is installed. This can be everything from documents to usernames, passwords and credit card information. The information provided by the SandBox Reporter can be used in detection systems to identify and block malicious behavior not yet detected by reactive antivirus technologies.

How can Norman SandBox Reporter help?

Save time

The average response time to a new threat is normally 6 – 24 hours.
Get a head start with knowledge of what the sample is trying to do.

Save money

A growing number of viruses to analyze require a high number of analyst efforts.
Finding the right people to analyze malware is a difficult, time-consuming, and costly task.

Save the day

You have been in the situation where something needed to be analyzed yesterday and now you have access to the tools to make it happen.

Find your local reseller

Relevant products

Norman SandBox Analyzer (Enterprise)

Norman SandBox Analyzer Pro (Enterprise)

Norman SandBox Online Analyzer (Enterprise)

Support

Support issues for Norman SandBox Reporter