Wednesday, 27 February 2013

Pimping up the characterization of Android files

Our resident Android expert, Anthony Desnos, is back from the Android jungle once again. In this new trip he has encountered and documented many new wild specimens, fought a couple of battles against nasty creatures such as Smsilence and worked hard to polish his main weapon when confronting and recognizing the evil: Androguard.

VirusTotal's private Androguard version has been noticeably improved and the information it dumps is far more extensive than it used to be, including a risk summary, permissions, permission-related API calls, activities, services, receivers, application certificate information and a very long etcetera. This new information appears under a new tab named "file details", as you can observe in the following screenshot.


This is just the very beginning of a series of new features that will hopefully improve your understanding of Android-related files, not only APKs but also DEX, ODEX and AXML formats. Stay tuned! Meanwhile, you can take a look at a couple of reports with the new details:

https://www.virustotal.com/en/file/18c0da675416bd9ba06f30ad9f5a608e1ab011e71d79ee60b22d55f98f189356/analysis/

https://www.virustotal.com/en/file/d6f789450613fc8073c67d6c4374963fbf1ca675d8b3fc6221213af4a93de94c/analysis/

https://www.virustotal.com/en/file/b867e8afc9d1a25014496371bdfba2ab4ab133ff83cc1fbfcec83c11817f4d73/analysis/

As usual, suggestions and feature requests are more than welcome!

Tuesday, 12 February 2013

Join us!

VirusTotal is under heavy attack by a myriad of worms that have been given the following names by the AV industry: Win32/Bureaucracy.Worm.B, Worm:Win32/Paperwork.A, Worm.Win32.Processdriven.Gen, W32/SalesOps.Gen!B... In order to harden our infrastructure and repel this severely epidemic intrusion we are seeking a highly motivated administrative-oriented malware buster, with experience in dealing with the aforementioned malicious code but also with enthusiasm to try out new weapons and hunt down other evil categories... join the battle...

We are looking for:
  • BA or BS degree (in a technical field preferred).
  • At least 1 year of full-time relevant work experience.
  • Ability to quickly learn new tools, technologies and concepts; interest in the Internet/ICT security field, more specifically malware and antivirus.
  • Ability to effectively communicate and collaborate with a diverse range of people and job functions.
  • Excellent communication and presentation skills, both written and verbal in English (Spanish and other languages will be a plus).
  • Preferable: technical background in order to code (Python language) new product features with the engineering team when idle on support and sales operations.
  • Preferable: ICT security, reverse engineering and malware research knowledge or passion to learn about these fields.
  • Preferable: cooking skills (big kitchen here), D&D, video-games and sports.
  • Essential: friendly, passion for sun, beach and fried fish (you will be in Malaga!).

Your work will be:
  • First level support to VirusTotal users. Troubleshoot and solve user issues (mainly via email, very occasionally on the phone).
  • Relationship management (VT Community, users, researchers, discussion lists, security groups, forums, conferences).
  • Understand complex user requirements.
  • Collect customer and user feedback, classify it, prioritize it and make it available to the engineering team. Define user needs to improve services.
  • Develop and provide custom presentations about VirusTotal services.
  • Demonstrate service usage and basic technical use cases (API integration, Intelligence investigations, etc.).
  • Manage a varied portfolio of customers at scale.
  • Manage the entire sales cycle (finance and legal tools) and customer billing working closely with the Finance, Legal and VirusTotal team.
  • Formulate legal language and agreements for new services being developed by the engineering team.
  • Come up with design ideas and improvements for existing services.

If you are interested, please send an email to contact at virustotal.com (subject: "tech-vendor-support job offer") and don't forget to attach your CV.