Tuesday, 29 July 2014

virustotal += OpenPhish URL scanner

We keep increasing the number of engines integrated in virustotal's URL scanning backbone. Today is the turn of OpenPhish. OpenPhish is a service developed by FraudSense, whose engine was integrated a couple of weeks ago, that serves as a free repository of phishing sites detected with FraudSense's Phishing Detection Technology.

In their own words:
OpenPhish is a free service that provides a continuously updated feed of global phishing URLs that were detected by FraudSense's Phishing Detection Technology. The feed includes phishing sites from the past 7 days and is updated in real time with newly detected ones.
The feed is publicly available at:
http://www.openphish.com/

It is also served as plain text at the following URL:
http://www.openphish.com/feed.txt

An example of a report that includes an OpenPhish verdict can be found below:
https://www.virustotal.com/en/url/7f50f5c8baf4671d4f0d54bc6b7d765292bfa9f922b6f382d1723a8d5d3fcb38/analysis/1406625327/

Hopefully this new addition will beef up virustotal's detection capabilities when it comes to phishing sites. Even though phishing is an old scam, it is still very widespread and a common threat for the average Internet user.

Welcome OpenPhish!

VirusTotal += AVware

We welcome BluePex AVware as a new antivirus product at VirusTotal. In the words of the company, it offers a special focus on regional threats:

“The antivirus AVware is developed in Brazil with focus on regional threats.

Apart from the concern with global malicious artifacts, we have a great effort to capture the artifacts that are taking place in Latin America, for this we have partnerships with financial institutions and governments for sending these samples, our engine also uses signatures and heuristics to detect new threats.”

Friday, 11 July 2014

Mac OS X Uploader update to version 1.2

The VirusTotal Mac OS X uploader has been updated to version 1.2. This follows the open-sourcing of its source code yesterday. You can download the update on our OS X desktop application page. The changes since version 1.1 are:
  • Fixes and bug reports by users
  • Checks for updates and will notify you if we release other versions
  • You can drag and drop a file on the OS X menu bar on the application icon for scanning

Thursday, 10 July 2014

VirusTotal open sources uploader for Mac OSX and Linux

Recently we released the VirusTotal uploader for OS X. It now supports Linux, and we are releasing it as open source under the Apache License 2.0 terms so third parties can package it for different Linux distributions. You can git the source at: http://github.com/VirusTotal/qt-virustotal-uploader

Systems administrators, engineers and security analysts often use GNU/Linux, Mac OS, or BSD. The VirusTotal uploader can be compiled and distributed on these systems. This will give users the second opinion that VirusTotal can offer and should make queueing scans on VirusTotal easier.

The requirements to compile on Linux are:
  • C++ compiler (gcc tested)
  • Qt version 5 or newer development packages. Most Linux distributions have this already.
  • C interface to the VirusTotal API, which we recently open-sourced.
To compile on Mac OS X, you will need the Xcode development tools.

The features of the program are the same:
  • Drag and drop a file to the VirusTotal Uploader in order to scan it with over 50 antivirus solutions.
  • Drag and drop a folder to the VirusTotal Uploader and schedule the analysis of its content
  • Use "Open With" in a file browser to scan a file.
If anyone wishes to send patches, please send us a pull request on GitHub. Comments and suggestions are welcome.

Tuesday, 8 July 2014

virustotal += Spam404 URL scanner

Spam404 is a blacklist of abusive domains that engage in shady activities such as scamming, spamming, phishing, etc. As described by its developers:
We are mainly blacklisting websites that are tricking users into completing offers by advertising content that is very desirable but the website doesn't actually have the content and it is just to make the end user complete an offer. From our intense research, these kind of websites are not getting enough attention in terms of blacklisting and we are the only website to offer such a blacklist for these kind of websites but we believe it is in the best interests of all internet users to have these kind of websites blacklisted.
We are also blacklisting other abusive websites including phishing and other kinds of scams.
As of today, Spam404 is producing verdicts for URLs submitted to virustotal, giving yet another notion of maliciousness to users enjoying the service. An example of a Spam404 detection can be found here:
https://www.virustotal.com/en/url/68f2ffc241ee0f1b904ebfa6db49fe3fbf5a39c9a170bfef198400ff26a9969b/analysis/

Welcome Spam404 team!

Monday, 7 July 2014

virustotal += Rising URL scanner

Rising is a Chinese software company that produces the anti-virus software Rising Antivirus, a firewall, UTM and spam-blocking products. Rising Antivirus has been running in virustotal for quite some time. Today we are excited to announce the integration of their URL scanner, which will enhance virustotal's web checking backbone.

Hopefully this integration will lead to a greater coverage of threats targeting Chinese end-users. This is an example of a Rising detection:
https://www.virustotal.com/en/url/0b03fa909a2cdee2fe197b26fe6ec3880a55cc436e474d50713b8a1fdff3bafa/analysis/

Thank you Rising team!

Monday, 23 June 2014

VirusTotal += FraudSense

We are excited to announce the inclusion of FraudSense as a new URL scanning engine in VirusTotal. FraudSense offers services to automate and enable real-time detection of phishing sites and their targeted brands. They have developed their own in-house phishing detection technology, which they describe as:
Based on cognitive concepts, artificial intelligence and active learning, our innovative technology automates what has traditionally been a labor-intensive process and enables real-time detection of phishing sites and their targeted brands.
Key features include:
  • 0-Day Phishing Detection: Early discovery of new, unreported phishing sites.
  • Brand Recognition: Accurate identification of the targeted brand.
  • Language-Independent: Detection of both English and non-English phishing sites.
  • Self-Sufficient: Independent of community-sponsored blacklists.
FraudSense is exposing its phishing feed to VirusTotal, so that users can check whether a given URL is already in their blacklist and hopefully get yet one more second opinion that will help them in keeping their environments safe.

An example of a URL detected by FraudSense:
https://www.virustotal.com/en/url/59c8caddf3295bfb72361d76ccb77f7405c6b4478ed4391eee7a9e80929734a8/analysis/

Welcome FraudSense!