Tuesday, April 28, 2015

, , , , , ,

KnockKnock += VirusTotal

In October 2013 we announced that Windows Sysinternals Sigcheck was adding integration with VirusTotal in order to help its users with malware triage. Thereafter, Mark Russinovich has continued to plug VirusTotal into other tools commonly used by malware and forensics analysts, namely Sysinternals Autoruns and Sysinternals Process Explorer.

Today we are excited to announce that Patrick Wardle has included VirusTotal information in the Mac OS X equivalent of Autoruns: KnockKnock. In his own words:
"KnockKnock... Who's There?" See what's persistently installed on your Mac!
Malware installs itself persistently, to ensure it is automatically executed each time a computer is restarted. KnockKnock (UI) uncovers persistently installed software in order to generically reveal such malware.

This tool is extremely useful when performing a quick malware hunt down in Mac OS X systems, and the integration with VirusTotal gives further momentum to all the efforts we have been conducting in helping secure Mac OS X users: tools to further characterize Mac OS X executables, VirusTotal Uploader for OS X, etc.

If you want to learn more about KnockKnock and download it, do not hesitate to visit the project's site: https://objective-see.com/products/knockknock.html.