Showing posts with label OSX. Show all posts

Tuesday, April 28, 2015


KnockKnock += VirusTotal

In October 2013 we announced that Windows Sysinternals Sigcheck was adding integration with VirusTotal in order to help its users with malware triage. Thereafter, Mark Russinovich has continued to plug VirusTotal into other tools commonly used by malware and forensics analysts, namely Sysinternals Autoruns and Sysinternals Process Explorer.

Today we are excited to announce that Patrick Wardle has included VirusTotal information in the Mac OS X equivalent of Autoruns: KnockKnock. In his own words:
"KnockKnock... Who's There?" See what's persistently installed on your Mac!
Malware installs itself persistently, to ensure it is automatically executed each time a computer is restarted. KnockKnock (UI) uncovers persistently installed software in order to generically reveal such malware.

This tool is extremely useful when performing a quick malware hunt on Mac OS X systems, and the integration with VirusTotal gives further momentum to all the efforts we have been conducting to help secure Mac OS X users: tools to further characterize Mac OS X executables, VirusTotal Uploader for OS X, etc.

If you want to learn more about KnockKnock and download it, do not hesitate to visit the project's site: https://objective-see.com/products/knockknock.html.

Friday, July 11, 2014


Mac OS X Uploader update to version 1.2

The VirusTotal Mac OS X uploader has been updated to version 1.2. This release corresponds to the source code that was open sourced yesterday. You can download the update on our OS X desktop application page. The changes since version 1.1 are:
  • Fixes and bug reports by users
  • Checks for updates and will notify you if we release other versions
  • You can drag and drop a file onto the application icon in the OS X menu bar to scan it

Thursday, July 10, 2014


VirusTotal open sources uploader for Mac OSX and Linux

Recently we released the VirusTotal uploader for OS X. It now supports Linux, and we are releasing it as open source under the Apache License 2.0 terms so 3rd parties can package it for different Linux distributions. You can get the source at: http://github.com/VirusTotal/qt-virustotal-uploader

Systems administrators, engineers and security analysts often use GNU/Linux, Mac OS, or BSD. The VirusTotal uploader can be compiled and distributed on these systems. This will give users the second opinion that VirusTotal can offer and should make queueing scans on VirusTotal easier.

The requirements to compile on Linux are:
  • C++ compiler (gcc tested)
  • Qt version 5 or newer development packages. Most Linux distributions have this already.
  • C Interface to VirusTotal API, which we recently open-sourced.
To compile on Mac OS X, you will need the Xcode development tools.

The features of the program are the same:
  • Drag and drop a file to the VirusTotal Uploader in order to scan it with over 50 antivirus solutions.
  • Drag and drop a folder to the VirusTotal Uploader and schedule the analysis of its content.
  • Use "Open With" in a file browser to scan a file.
If anyone wishes to send patches, please send us a pull request on GitHub. Comments and suggestions are welcome.