Tuesday, 29 May 2012

VirusTotal URL scanner += AlienVault

Yesterday we added Comodo Site Inspector to VirusTotal's URL scanning engine, today we are really happy to announce that AlienVault has also become part of our small family. The list of URL scanners has now grown to 27 and a couple of other domain/URL characterization tools/datasets.

AlienVault develops and maintains several security solutions, one of the most famous ones is its OSSIM. In building these tools, the AlienVault team comes across many threats, just as they describe it in their website:
Our people constantly monitor, analyse, reverse engineer and report on sophisticated zero-day threats including malware, botnets, phishing campaigns are more. Through this team of dedicated and renowned security experts, AlienVault contributes code, documentation, analysis and research results in various forms to the security community, to educate it and to make the world a more secure place for all of us.
The AlienVault team has very kindly put one of their malicious URL datasets at our disposal so that VirusTotal's URL scanner can query it, they also publish some statistics about what they are seeing in the wild in their Open Source IP Reputation Portal.

Once again, we would like to thank AlienVault in helping us improve VirusTotal and we look forward to other malicious URL/domain datasets/characterization tools contacting us to be included in VirusTotal.

Monday, 28 May 2012

VirusTotal URL scanner += Comodo Site Inspector

Today we are integrating Comodo Site Inspector in VirusTotal's URL scanning engine. We have reached 26 URL scanners/datasets and a bunch of domain classifiers/datasets. We intend to keep increasing this figure, thus, if you are the owner of a URL blacklisting service or dataset please do not hesitate to contact us.

As to Comodo Site Inspector, you can find more about it in its home page:

http://siteinspector.comodo.com/

Including the online scanning service itself and a list of recent detections. The Comodo team describes the service as follows:
SiteInspector uses browser instance in sandboxed environment ( a virtual machine) and browses the page at the URL that you submitted. If the browser performs a malicious activity, crashes, downloads a suspicious file, changes registry entries or exhibits behavior consistent with malware activity then its flagged as malicious. This allows regular Internet users to test the safety of a particular website and allows website operators to test the safety of their website from their customers point of view. 
SiteInspector acts as a vulnerable customer by visiting the page and testing whether it launches an attack. If it does, then the scan results will warn you that the website contains malicious content. Each scan takes only a few seconds.  
This description and other details can also be found in their FAQ.

We would like to give Comodo Site Inspector a really warm welcome and thank them for allowing us to keep improving VirusTotal!