Thursday, 7 June 2012

VirusTotal += Malware Domain Blocklist

We are happy to announce that Malware Domain Blocklist has been integrated in VirusTotal's URL scanning engine. Malware Domain Blocklist is a dataset of malicious domains rather than a full URL scanner. As such, its results appear in the additional information field of VirusTotal reports:


The network location of any URL you submit will be parsed and compared against this dataset and, in the event that the domain was seen to exhibit some sort of malicious behaviour at some point in time, it will be flagged accordingly. This is an example of a URL report with the new information:

https://www.virustotal.com/url/69c9e6afa0ad42f53df62d517c7afc4d14ef4640d8265b108a2aa7230aa9ded2/analysis/1339060844/

It is an interesting addition since it enriches our set of tools that characterize domains. The information might seem redundant or of little use for users intending to scan full URLs rather than domains, however, it is a very useful piece of information if you want to build scoring systems for URLs. Even if the main URL scanners in VirusTotal do not detect the specific full path URL, you might want to produce your own intelligent system that receives several inputs, among them the results of domain datasets, and decides on the maliciousness of the URL.

We are really grateful to www.malwaredomains.com, keep up the good work!

No comments:

Post a Comment