SOURCE: Sunbelt Software

August 20, 2007 09:00 ET

Sunbelt Software Releases Version 2.0 of Sunbelt CWSandbox

Automated Malware Behavior Analyzer Delivers New Cloaking Techniques, Reporting and Usability Enhancements, and Improved Data Feeds

CLEARWATER, FL--(Marketwire - August 20, 2007) - Sunbelt Software, a leading provider of Windows security software, today announced the availability of Sunbelt CWSandbox™ version 2.0, a powerful tool for professional automated analysis of malware. The new version delivers significant improvements, including sophisticated cloaking techniques, enhanced malware analysis reports, and an enhanced web interface for reporting and submission of malware samples. Additionally, more comprehensive malware data collection feeds are now available that can be bundled with CWSandbox to provide additional benefits to security researchers.

Sunbelt CWSandbox enables security vendors and service providers to better thwart malicious threats through thorough analysis of malware applications and the activity they generate. Because CWSandbox uses native Windows and does not require either emulators or a virtualized environment, the analysis environment can be tailored to mirror real-world environments, including desktop applications. Complex behavior and application interaction can also be scripted and automated.

"The tests we used to evaluate the Sunbelt CWSandbox and competitors were designed to examine the products' visibility and comprehensiveness with malware we see in a typical day," said Joe Nazario, senior security researcher for Arbor Networks, a network security and operational performance provider for some of the world's largest business and ISP networks. "The CWSandbox delivered nicely. We found it relatively easy to set up and integrate into our environment with results that were better than expected. We achieved nearly complete coverage of the malware samples we threw at the sandbox, and the data we mined from the reports was perfect for our needs. The features in CWSandbox version 2.0 should help improve our processes around sample analysis and make my job easier."

"In a little less than a year since we signed our first commercial customers for CWSandbox, we have provided the tool to many of the largest global players in the intersecting worlds of telecommunications, web portals and security software. These sophisticated customers chose CWSandbox because, simply, it is the best tool on the market for malware research," said Chad Loeven, vice president for business development at Sunbelt Software. "CWSandbox version 2.0 is the result of feedback from these customers and our own research efforts, and continues to put us in the market lead and ahead of the bad guys."

Sophisticated cloaking and countermeasures

CWSandbox includes new cloaking functionality that makes it more difficult for malware to detect or bypass behavioral analysis. Improvements also support a more stable analysis process and countermeasures against rebooting and crashing caused by malware.

Reporting and usability enhancements

Improvements to CWSandbox's web interface allow for more streamlined submission of malware samples to the sandbox. Analysis results and statistics are also easier to review with layout enhancements for malware analysis reports.

Improved malware data collection feeds

CWSandbox now offers optional malware data feeds in several categories. The data feeds, also known as Threat Track™, provide daily lists of malware samples, analysis reports and known malicious urls by category, with information on whether these urls are associated with phishing, malicious/malware sites or adware. The data feeds provide CWSandbox customers with intelligence on what websites and IP addresses should be blacklisted or monitored. Using these data feeds, customers can leverage Sunbelt's own extensive Threat Research Center operations to enhance their own security and services.

About Sunbelt CWSandbox

Using a comprehensive automated system, CWSandbox uses unique technology to execute malware in a controlled environment for behavior analysis. The application provides fast analysis of large volumes of malware samples in a short period of time, capable of automatic collection of malware from different inputs including Nepenthes (a tool for automated collection of autonomous spreading malware), a web server/interface, or a directory. CWSandbox customers include some of the world's largest telecommunication, government, education, search engine, and security organizations including NTT Japan, Arbor Networks, and many others.

Availability and Licensing

Sunbelt CWSandbox version 2.0 is available immediately to the security community with flexible licensing models.

To see an example of CWSandbox technology in action, simply visit to upload malware samples and receive analysis results in minutes.

For more information on leveraging the Sunbelt CWSandbox technology for research efforts, please contact Sunbelt's Business Development at or call 888-688-8457 x. 274.

About Sunbelt Software

Headquartered in Tampa Bay (Clearwater), Fla., Sunbelt Software was founded in 1994 and is a leading provider of Windows security software with product solutions in the areas of antispam and antivirus, antispyware, and vulnerability assessment. Leading products include the CounterSpy product line, Ninja Email Security and endpoint firewall technologies. The company is part of Sunbelt International Group, based in Paris, France.

For more information about Sunbelt Software, please visit the company's website at:

Copyright © 2007 Sunbelt Software. All rights reserved. All trademarks used are owned by their respective companies.

Contact Information