Thursday, 7 June 2012

VirusTotal += hpHosts

This morning we announced that we had integrated Malware Domain Blocklist in VirusTotal's URL scanning engine. Continuing the trend of including domain scanners and datasets, we have just added hpHosts and we would like to give them a really warm welcome.

hpHosts maintains an online list of domains involved in some sort of malicious activity. The good thing about hpHosts is that it provides a very rich set of classifications for domains:
  • Domains being used for advert or tracking purposes.
  • Domains engaged in the distribution of malware (e.g. adware, spyware, trojans and viruses etc).
  • Sites engaged in or alleged to be engaged in the exploitation of browser and OS vulnerabilities as well as the exploitation of gray-matter.
  • Sites engaged in the selling or distribution of bogus or fraudulent applications.
  • Sites engaged in astroturfing otherwise known as grass roots marketing.
  • Persons caught spamming the hpHosts forums.
  • Sites engaged in browser hijacking or other forms of hijacking (OS services, bandwidth, DNS, etc.).
  • Sites engaged in the use of misleading marketing tactics.
  • Sites engaged in Phishing.
  • Sites engaged in the selling, distribution or provision of warez (including but not limited to keygens, serials etc), where such provisions do not contain malware.
This enhances the information rendered in the additional information section of VirusTotal reports, it is precisely there where this tool appears because it characterizes domains rather than URLs:

This is an example of a report with such information:

We started processing the hpHosts dataset today, hence, all new domains they classify from now onwards should be visible to VirusTotal.

As it happened with the Malware Domain Blocklist information, the data returned by hpHosts can be used for building customized scoring systems for full URLs.

hpHosts, once again, thanks for your collaboration!

No comments:

Post a Comment