Thursday, 31 October 2013

VirusTotal += AegisLab WebGuard

Our effort to pump up our URL scanner backbone continues. Today we are excited to announce the integration of AegisLab WebGuard, a concise database of malicious URLs, whose characteristics its developers describe as follows:
  • Fast update and leave less open window for attack.
  • Less false positive than other web filter DBs.
  • Website hijacking prevention.
  • Concise malicious URL database. Including: Drive-by-Downloads, BlackHat SEO, Fake Anti-Virus, Installer and Updates, Scarewares and etc.
You can read more about the kind of threats that AegisLab WebGuard intercepts in this blog post: http://blog.aegislab.com/?p=78

Welcome on board guys, thanks for joining VirusTotal!

VirusTotal += RiskAnalytics AutoShun

What is AutoShun
AutoShun is a small appliance that protects your network from attacks.
  • Automatically updates itself within minutes to bidirectionally block new threats.
  • One AutoShun device is able to protect an entire site.
  • Configurable whitelist to ensure business partner communications.
  • Ability to block traffic by geographic regions.
  • Reporting on all blocked threats and traffic.
This is the way the RiskAnalytics team describes its AutoShun solution. As you may infer, in order to be able to bidirectionally block threats, AutoShun works (among other technologies and logistics) with a dataset of online threats. From now onward VirusTotal users will also be able to check their submitted URLs against this dataset, which appears in VirusTotal under the name of AutoShun.

Thank you RiskAnalytics!

Monday, 28 October 2013

VirusTotal += Emsisoft URL scanner

Emsisoft has been a long-time friend of VirusTotal, enhancing our file scan reports with their antivirus signatures. Its anti-malware product incorporates different protection layers, one of which they describe as follows:
SURF PROTECTION: If you unintentionally try to access a website that spreads trojans or spyware, Emsisoft Anti-Malware will prevent you from doing so. The built-in list of known dangerous and fraudulent websites is automatically updated every hour.
The guys over at Emsisoft are committed to making the Internet a safer place. As of today, in addition to their file scanner results, VirusTotal URL scan reports will also integrate their threat intelligence regarding malicious URLs.

This is an example of a URL scan report where they produce a malicious verdict:
https://www.virustotal.com/en/url/eddc45e5147f369d37f2146388f3d96a02408ab30cbf9dc3e8f9cd0c896837e5/analysis/1382951589/

We are really grateful for the quick turnaround that the Emsisoft team has had in integrating their solution, thank you!

Thursday, 24 October 2013

Sigcheck += VirusTotal

Windows Sysinternals is a part of the Microsoft TechNet website which offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.

The Sysinternals collection includes awesome tools such as Process Explorer, AutoRuns or Sigcheck, among many others. I can still remember the times when I had to investigate remote e-banking user PCs in order to identify the culprit of a fraudulent transaction (Zbot, Sinowal, Ambler, etc.). At the time, I do not know what I would have done without AutoRuns and Process Explorer.

What I am trying to say is that at VirusTotal we are great fans of the Sysinternals utilities. It has been a while since we integrated Sigcheck in VirusTotal, providing extremely useful information about PE signatures. This data can be used in goodware vs. malicious scoring systems, to identify the author of a legitimate piece of software, or to spot compromised certificates used in signing malware, to name just a couple of practical use cases.

Today we are delighted to announce that the relationship has become reciprocal and Mark Russinovich has integrated VirusTotal in Sigcheck. With a simple command-line option you are now able to query the results of a given file in VirusTotal. Read more about it at the official site: http://technet.microsoft.com/en-us/sysinternals/bb897441

Thank you Mark! It has been a pleasure working together!

Wednesday, 23 October 2013

Tuesday, 22 October 2013

VirusTotal += StopBadware

StopBadware is a nonprofit anti-malware organization based in Cambridge, Massachusetts. Our work makes the Web safer through the prevention, mitigation, and remediation of badware websites. We protect people and organizations from becoming victims of viruses, spyware, scareware, and other badware.
This is the way the StopBadware team describes itself, a pretty awesome initiative that has managed to bring together many partners. From now onward VirusTotal users will also be able to take advantage of their URL verdicts.

StopBadware's numbers are very impressive. Since their launch they have managed to:
  • inform over 700,000 website owners about how to remediate their compromised sites and prevent future attack
  • serve more than 10 million Google and Firefox users with content about how to mitigate their risk of badware infection
  • help de-blacklist over 100,000 websites flagged by our data providers for badware
  • enlist more than 50 web hosting providers from 22 countries (and counting) in the We Stop Badware™ Web Host program, which helps those providers respond more quickly and effectively to reports of badware on their networks
Without doubt, this integration will bring great value to VirusTotal, thank you StopBadware!

Monday, 21 October 2013

VirusTotal += ThreatHive

ThreatHive is a domain and IP reputation tracking system comprised of data collected from various sources including sandboxing, collecting data from various spampot systems and independent research.
This is how The Malwarelab describes its ThreatHive initiative, which has just been integrated in VirusTotal. With this inclusion we are well over 40 URL scanners. Over the weekend we integrated some new engines that we will be announcing in the coming days.

Thank you The Malwarelab!