Malware writers rig up against Sandboxes

While analysing a recent version of the often adapted Trojan Dropper CeeInject we stumbled over following message in the malware (in plain text):

Hi Dear sniffer
If you want to find the net
You better put some effort in doing it
Because anubis wont do the job for you

Anubis is a sandbox system reachable on the Internet where you can upload suspicious executable files to. Those are run in a safe environment and changes done to the system during that run are shown after a few minutes. Obviously, malware authors are upset about those sandboxes and now start to prepare their binaries so that the malicious activity is not detectable by them anymore.

Dirk Knop
Technical Editor