Also, if you actually looked at the program, you would see that ANY executable program can be ran sandboxed, not just web browsers.
Baloney.
SQL injection uses neither “Web Browsing” nor “Email”.
If I want a sandbox, I’ll use a VM.
Meanwhile, in USB-enabled, non-mathimaticaly impaired reality land:
Flame can also move the target informationalong with a copy of itselfonto a USB memory stick plugged into an infected machine, wait for an unwitting user to plug that storage device into an Internet-connected PC, infect the networked machine, copy the target data from the USB drive to the networked computer and finally siphon it to a faraway server.