Thursday, 27 November 2014

VirusTotal += ALYac

We welcome ESTsoft ALYac engine to VirusTotal. This South Korean multi-engine antivirus includes its own engine called Tera plus the popular BitDefender engine. In the words of the company:

"""ALYac provides differentiated service with the award winning Triple-Engines.
The ESTsoft's Tera Engine, the BitDefender Engine and the Sophos Engine establish several protection layers.

With the lightweighted engine and the memory optimization, ALYac minimizes its resource usage.
Moreover, ALYac boasts excellent detection power against variant malicious files through 'Smart Scan Technology'."""

Tuesday, 18 November 2014

virustotal += Blueliv URL scanner

We are excited to announce that we have just integrated Blueliv's malicious URL tracker in virustotal, as yet one more URL scanner providing verdicts on URLs submitted by users. In their own words:
Blueliv is a leading provider of cyber threat information and analysis intelligence for large enterprises, service providers, and security vendors. The company’s deep expertise, data sources, and cloud-based platform address a comprehensive range of cyber threats to turn global threat data into real-time actionable intelligence specifically for each client in an easy-to-use dashboard. Blueliv’s clients include leading bank, insurance, telecom, utility, and retail enterprises.
At present, Blueliv's tracker is highly focused on sites used as C&C infrastructure for trojans, URLs distributing malware and sites hosting exploit kits. Examples of their detections can be found in the following reports:
https://www.virustotal.com/en/url/78b30edc4de035348586cd408626009bbc42be366873e65a8bcc4f35f780f783/analysis/1415884660/
https://www.virustotal.com/en/url/885b6e1dc91e1f01413c0316117f294203d643a1ef3ec79c17556956ff08d086/analysis/1415890213/

Hopefully this integration will lead to increased knowledge about threats and will help protect users world-wide.

Welcome Blueliv!

Tuesday, 11 November 2014

virustotal += Detailed ELF information

In computing, the Executable and Linkable Format (ELF, formerly called Extensible Linking Format) is a common standard file format for executables, object code, shared libraries, and core dumps. It was chosen as the standard binary file format for Unix and Unix-like systems [Wikipedia].

Even though the popularity of the Windows OS among average end-user systems has meant that attackers have mostly focused on developing malware for Windows systems, ELF badness is a growing concern. The colleagues over at Malware Must Die are making a huge effort to put some focus on ELF malware; their article entitled China ELF botnet malware infection & distribution scheme unleashed is just one example.

Today we are rolling out a tool to generate detailed structural information regarding ELF files. This information includes: file header specifics (ABI version, required architecture, etc.), sections, segments, shared libraries used, imported symbols, exported symbols, packers used, etc. You may take a look at this new information in the File Details tab of the following report:
https://www.virustotal.com/en/file/cc5833d039943bcf06cb185500b21a19d4e1f73a3362943d27697fc93f7b9602/analysis/
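To make concrete what "structural information" means for an ELF file, here is a small parser written for this post (it is example code, not VirusTotal's own tool). It reads the file header (class, endianness, OS ABI, ABI version, type, machine, entry point), the program header table (segments), the section header table, the DT_NEEDED shared libraries, and applies a crude UPX marker check. The input is a constructed, non-runnable ELF64 x86-64 image built in `build_sample_elf()`, not a real sample. Two details matter for malware analysis: section headers are optional at run time, so stripped or corrupted section tables must not stop the analysis (the needed libraries are therefore resolved through PT_DYNAMIC and the PT_LOAD mapping, exactly as the loader does), and every table offset is bounds-checked so a truncated or malformed file raises an error rather than reading past the buffer.

```python
import struct

# Example ELF64 structural parser written for this post; not VirusTotal's implementation.
ELF_MAGIC = b"\x7fELF"
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
EM_NAMES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}
PT_NAMES = {0: "NULL", 1: "LOAD", 2: "DYNAMIC", 3: "INTERP", 4: "NOTE", 6: "PHDR", 7: "TLS"}
SHT_NAMES = {0: "NULL", 1: "PROGBITS", 2: "SYMTAB", 3: "STRTAB", 6: "DYNAMIC", 8: "NOBITS", 11: "DYNSYM"}
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5


def _cstr(buf, off):
    """NUL-terminated string at off; raises instead of reading past the buffer."""
    end = buf.find(b"\0", off) if off >= 0 else -1
    if end < 0:
        raise ValueError("bad string offset %#x" % off)
    return buf[off:end].decode("ascii", "replace")


def _table(data, fmt, off, count, entsize, what):
    """Unpack count fixed-size records, refusing tables that run off the end of the file."""
    st = struct.Struct(fmt)
    if entsize < st.size or off + count * entsize > len(data):
        raise ValueError("%s table runs past end of file" % what)
    return [st.unpack_from(data, off + i * entsize) for i in range(count)]


def _vaddr_to_offset(segments, vaddr):
    """Map a virtual address to a file offset through the PT_LOAD segments, as the loader would."""
    for s in segments:
        if s["type"] == "LOAD" and s["vaddr"] <= vaddr < s["vaddr"] + s["filesz"]:
            return vaddr - s["vaddr"] + s["offset"]
    raise ValueError("vaddr %#x is not backed by any PT_LOAD segment" % vaddr)


def _needed_libs(data, end, segments):
    """DT_NEEDED entries read from PT_DYNAMIC, so it works even with the section table stripped."""
    dyn = [s for s in segments if s["type"] == "DYNAMIC"]
    if not dyn:
        return []
    ent = struct.Struct(end + "qQ")
    stop = min(len(data), dyn[0]["offset"] + dyn[0]["filesz"]) - ent.size
    tags, off = [], dyn[0]["offset"]
    while off <= stop:
        tag, val = ent.unpack_from(data, off)
        if tag == DT_NULL:
            break
        tags.append((tag, val))
        off += ent.size
    strtab = [v for t, v in tags if t == DT_STRTAB]
    if not strtab:
        return []
    base = _vaddr_to_offset(segments, strtab[0])
    return [_cstr(data, base + v) for t, v in tags if t == DT_NEEDED]


def parse_elf(data):
    """Return header, segment, section, shared-library and packer details for an ELF64 image."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2:
        raise ValueError("only ELF64 is handled here (EI_CLASS=%d)" % data[4])
    end = {1: "<", 2: ">"}.get(data[5])  # EI_DATA selects the byte order for every table
    if end is None:
        raise ValueError("invalid EI_DATA %d" % data[5])
    (_, e_type, e_machine, _, e_entry, e_phoff, e_shoff, _, _, e_phentsize,
     e_phnum, e_shentsize, e_shnum, e_shstrndx) = _table(data, end + "16sHHIQQQIHHHHHH", 0, 1, 64, "ELF header")[0]
    segments = [
        {"type": PT_NAMES.get(t, hex(t)), "flags": f, "offset": o, "vaddr": va, "filesz": fs, "memsz": ms}
        for t, f, o, va, _pa, fs, ms, _al in _table(data, end + "IIQQQQQQ", e_phoff, e_phnum, e_phentsize, "program header")]
    # Section headers are not needed to execute, so a stripped table (e_shoff == 0) is tolerated, not fatal.
    raw = _table(data, end + "IIQQQQIIQQ", e_shoff, e_shnum, e_shentsize, "section header") if e_shoff and e_shnum else []
    shstr = raw[e_shstrndx][4] if e_shstrndx < len(raw) else None  # file offset of .shstrtab
    sections = [
        {"name": _cstr(data, shstr + n) if shstr is not None else "?", "type": SHT_NAMES.get(t, hex(t)),
         "addr": a, "offset": o, "size": sz}
        for n, t, _fl, a, o, sz, _ln, _inf, _al, _es in raw]
    return {
        "class": "ELF64", "endian": "little" if end == "<" else "big",
        "os_abi": data[7], "abi_version": data[8],
        "type": ET_NAMES.get(e_type, hex(e_type)), "machine": EM_NAMES.get(e_machine, hex(e_machine)),
        "entry": e_entry, "segments": segments, "sections": sections,
        "needed": _needed_libs(data, end, segments),
        # Crude packer heuristic: UPX leaves a "UPX!" marker in the image (real tools check far more).
        "packers": ["UPX"] if b"UPX!" in data else [],
    }


def _align(x, a):
    return (x + a - 1) // a * a


def build_sample_elf():
    """Constructed sample input: a tiny, non-runnable ELF64 x86-64 image, not a real binary."""
    base, phnum, shnum = 0x400000, 2, 4
    dynstr = b"\0libc.so.6\0libm.so.6\0"
    shstrtab = b"\0.dynstr\0.dynamic\0.shstrtab\0"
    dynstr_off = 64 + phnum * 56
    dynamic_off = _align(dynstr_off + len(dynstr), 8)
    dynamic = (struct.pack("<qQ", DT_NEEDED, 1) + struct.pack("<qQ", DT_NEEDED, 11)
               + struct.pack("<qQ", DT_STRTAB, base + dynstr_off) + struct.pack("<qQ", DT_NULL, 0))
    shstr_off = dynamic_off + len(dynamic)
    shoff = _align(shstr_off + len(shstrtab), 8)
    total = shoff + shnum * 64
    ph = struct.pack("<IIQQQQQQ", 1, 5, 0, base, base, total, total, 0x1000)  # PT_LOAD r-x over the whole file
    ph += struct.pack("<IIQQQQQQ", 2, 6, dynamic_off, base + dynamic_off, base + dynamic_off, len(dynamic), len(dynamic), 8)
    sh = struct.pack("<IIQQQQIIQQ", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    sh += struct.pack("<IIQQQQIIQQ", 1, 3, 2, base + dynstr_off, dynstr_off, len(dynstr), 0, 0, 1, 0)
    sh += struct.pack("<IIQQQQIIQQ", 9, 6, 3, base + dynamic_off, dynamic_off, len(dynamic), 1, 0, 8, 16)
    sh += struct.pack("<IIQQQQIIQQ", 18, 3, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)
    ident = ELF_MAGIC + bytes([2, 1, 1, 0, 0]) + b"\0" * 7  # 64-bit, little-endian, SysV ABI, ABI version 0
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, base + 64, 64, shoff, 0, 64, 56, phnum, 64, shnum, 3)
    img = bytearray(total)
    img[0:64], img[64:64 + len(ph)] = ehdr, ph
    img[dynstr_off:dynstr_off + len(dynstr)] = dynstr
    img[dynamic_off:dynamic_off + len(dynamic)] = dynamic
    img[shstr_off:shstr_off + len(shstrtab)] = shstrtab
    img[shoff:shoff + len(sh)] = sh
    return bytes(img)


def strip_section_table(data):
    """Constructed test case: zero e_shoff/e_shnum the way stripped or obfuscated samples do."""
    img = bytearray(data)
    end = "<" if img[5] == 1 else ">"
    struct.pack_into(end + "Q", img, 40, 0)
    struct.pack_into(end + "H", img, 60, 0)
    return bytes(img)


if __name__ == "__main__":
    info = parse_elf(build_sample_elf())
    print("%s %s %s, entry %#x, needs %s" % (info["class"], info["machine"], info["type"], info["entry"], info["needed"]))
    for s in info["sections"]:
        print("  section %-10s %-8s off=%#x size=%d" % (s["name"], s["type"], s["offset"], s["size"]))
```

Run it on a real file by replacing `build_sample_elf()` with the file's bytes; it deliberately rejects ELF32 and anything whose tables point past the end of the file, which is the first thing a malformed or truncated sample will trip over.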

Hopefully all this new information will bring some attention to malware targeting Linux systems and will lead to better world-wide defenses against these threats.