Wednesday, 18 September 2013

VirusTotal += CMC

We welcome CMC as a new engine working at VirusTotal. In the words of the antivirus company:

"CMC features an in-house developed engine called Odin with static and dynamic unpackers, an x86 virtual machine to provide advanced de-obfuscation, and an in-memory engine to detect malware called Sonar. There is also a reputation-based system named CMCRadar to accelerate response time, early warnings and global whitelisting."

Tuesday, 17 September 2013

VirusTotal += Bkav

We welcome Bkav as a new engine working at VirusTotal. This scanner includes both signature-based and cloud technologies. This Vietnamese company, established in 1995, is also a smartphone manufacturer.

Wednesday, 4 September 2013

VirusTotal += Zemana AntiLogger metadata

Zemana is a security solutions provider that produces, among other software, a popular antilogger. In their own words:

"In a nutshell, the AntiLogger is a lightweight app that keeps track of who is doing what on your computer. Instead of identifying malware based on its signature fingerprint, like all malware products with scan functionality, the AntiLogger catches malware at the moment it attacks your computer. It will then prompt you if an illegal program is trying to record your keystrokes, capture your screen, gain access to your clipboard, microphone and webcam, or inject itself into your computer's sensitive areas. The AntiLogger features our unique SSL Intrusion Protection technology that guards you against advanced forms of Financial Malware. The AntiLogger is one of the very few products on the market today able to detect these dangerous and complex threats. Zemana AntiLogger is not designed to replace your installed antivirus software -- it's made to detect serious threats that are outside of their scope. It adds an extra layer of essential protection to whatever anti-malware or anti-virus software you're currently using."

As part of the work that Zemana carries out with respect to these forms of malware, they come across many malicious files and are able to characterize their behaviour according to the information theft activities they carry out. Zemana has been kind enough to share some of its behavioural notions with VirusTotal, and now for many of the files in our dataset you will see Zemana behavioural tags such as:

  • keylogger
  • screen-capture
  • webcam-capture
  • microphone-access
  • clipboard-monitor
  • dll-injection
  • driver-installation
  • startup-registration
  • bho-installation
  • ssl-hook-installation

Please refer to the additional information tab of the following report in order to see how this data is rendered publicly:
https://www.virustotal.com/en/file/7a8a5298f0a5e8222f3746b429a18dbdaeb8bbc7a4070ef4490824ffda0b2c66/analysis/

This information is particularly interesting because it characterizes behaviour observed on end-user physical machines, i.e. real-world scenarios, so it can overcome common problems with behavioural sandboxes such as virtual machine detection. The metadata shared is not limited to this: they also provide data such as the in-the-wild file names for certain malware, which can sometimes be a hint regarding the dissemination and propagation strategies used by attackers.

Additionally, since Zemana is not designed to replace installed antivirus software but rather to act as a complementary security layer, it very often detects zero-day malware that still has low detection rates. Zemana is actively sharing these samples with VirusTotal in order to improve detection rates worldwide and help make the Internet a safer place.

Thank you Zemana team! Keep up the good work!

Tuesday, 3 September 2013

VirusTotal += Baidu-International

We welcome Baidu International as a new engine working at VirusTotal. In the words of the antivirus company:

“Baidu International's antivirus engine innovated an original ultrafast cloud security technology. We established a huge black/white sample list system. By aligning the client software on the user's computer with servers in the Baidu cloud security data center, Baidu Antivirus utilizes cloud computing technology and its massive file database to quickly and accurately eradicate the latest trojans, unknown trojans, and other malicious programs. This solves the problems faced by traditional antivirus software, such as lagging behind the latest trojans and viruses and the huge consumption of computer resources.”