Thursday, October 11, 2012


Pimping up VTchromizer

Among the goodies offered by VirusTotal to the community we can find VTchromizer. VTchromizer is a Google Chrome browser extension that simplifies the process of scanning Internet resources with VirusTotal. It allows you to scan links (including links to files) directly with VirusTotal's web application. It will scan the submitted URLs with URL scanners and the content downloaded from the scanned site with VirusTotal's antivirus solutions.

Some days ago Kyle Creyts from Lastline sent us an email asking us for permission to publish a small Chrome extension that made use of VirusTotal:

This extension makes a new "Get VT analysis" context menu entry when you select text and right click on it.
It's quite simple to use. You select the text of a hash in your browser, right click on it, and select "Get VT analysis for %s" from the context menu (where %s is the hash). I have it set up to use the selection length to validate that the input is a valid {md5,sha1,sha256} hash. I could easily add the ability to validate the character range (hex).

We love it when the community builds tools with VirusTotal, and we are absolutely in favour of promoting third-party altruistic efforts that improve overall end-user security. Hence, we strongly encourage Kyle to publish his extension; it is a really good idea.

It is such a good idea that we did not hesitate to include that functionality in our own official extension:

As of version 1.2, whenever you select text and right-click on it, a context menu will appear that allows you to check the selected text with VirusTotal:

  • If the selection is an md5, sha1 or sha256 hash the extension will display the VirusTotal report for the file with that hash.
  • If the selection is any other text the extension will look for any comments in VirusTotal Community tagged with the given term.

This is in addition to the traditional feature that allows you to right-click on any link and submit it for scanning.
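
The routing described above can be sketched as a small JavaScript function. This is an added example, not code from VTchromizer or from Kyle's extension, and the names `HASH_LENGTHS` and `classifySelection` are hypothetical. It checks both the selection length and the hex character range mentioned in Kyle's email, since length alone would accept any 32-, 40- or 64-character string.

```javascript
// Added example: HASH_LENGTHS and classifySelection are hypothetical names,
// not taken from VTchromizer's source.

// Hex digest lengths for the three hash types the post mentions.
const HASH_LENGTHS = { 32: 'md5', 40: 'sha1', 64: 'sha256' };

// Decide what a context-menu handler should do with the selected text.
// Returns { action: 'file-report', algo, hash } for a well-formed hash,
// otherwise { action: 'comment-search', term }.
function classifySelection(selection) {
  // Selections often carry stray whitespace or a trailing newline.
  const text = String(selection).trim();
  const algo = HASH_LENGTHS[text.length];
  // Length alone is not enough: a 32-character word or URL fragment would
  // pass. Require every character to be a hex digit as well.
  if (algo && /^[0-9a-fA-F]+$/.test(text)) {
    // Normalise case so the same hash always maps to the same lookup key.
    return { action: 'file-report', algo, hash: text.toLowerCase() };
  }
  return { action: 'comment-search', term: text };
}

// Constructed sample selections (digests of empty input, plus non-hashes).
const samples = [
  'D41D8CD98F00B204E9800998ECF8427E ',        // MD5, upper case, trailing space
  'da39a3ee5e6b4b0d3255bfef95601890afd80709', // SHA-1
  'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', // SHA-256
  'this-text-is-32-characters-long!',         // right length, not hex
  'ransomware',                               // plain search term
];
for (const s of samples) {
  console.log(JSON.stringify(classifySelection(s)));
}
```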

Thanks for the idea Kyle! As usual, if you have any suggestions or feature requests please do not hesitate to contact us, we will be more than happy to consider and implement them.

Wednesday, October 10, 2012


VirusTotal += Netcraft

Netcraft Toolbar is one of the best-known antiphishing/antimalware browser toolbars out there. The Netcraft team describes its software as follows:
The Toolbar community is effectively a giant neighbourhood watch scheme, empowering the most alert and most expert members to defend everyone within the community against phishing attacks. Once the first recipients of a phishing mail have reported the target URL, it is blocked for community members as they subsequently access the URL. Widely disseminated attacks (people constructing phishing attacks send literally millions of emails in the expectation that some will reach customers of the bank) simply mean that the phishing attack will be reported and blocked sooner.
The Netcraft Toolbar also:

  • Traps suspicious URLs containing characters which have no common purpose other than to deceive.
  • Enforces display of browser navigational controls (toolbar & address bar) in all windows, to defend against pop up windows which attempt to hide the navigational controls.
  • Clearly displays sites' hosting location, including country, helping you to evaluate fraudulent urls (e.g. the real or sites are unlikely to be hosted in the former Soviet Union).
Taking all of this into account, we are really excited to announce that Netcraft has been integrated in VirusTotal. You will now see it as another URL scanner in VirusTotal's URL scanning service.

With this addition we already have over 30 URL scanners and are looking forward to being in the forties as soon as possible, so if you have an interesting malicious URL dataset or URL scanner please do not hesitate to contact us; we will be more than happy to include you!

Thank you Netcraft team!