VirusTotal += Webutation

It has been a while since we last included a domain characterization dataset, we have just added Webutation and we would like to give them a really warm welcome.

The Webutation team describes its service as follows:

Webutation is an open community about Website Reputation and

• collects user feedback and customer experience about websites.
• tests websites against spyware, spam and scams with smart scanning technology in realtime.
• queries
• Google Safebrowsing against badware and phising fraud (which is used in Firefox as well and updates every half hour).
• Website Antivirus which scans sites against adware (popups), spyware (outgoing links) and viruses.
• WOT which collects some reviews about websites.
• Norton Safe Web
• as well as many other website feedback resources.

It is clear that this will surely enhance the information rendered in the additional information section of VirusTotal reports, it is precisely there where this tool appears because it characterizes domains rather than URLs, example:

https://www.virustotal.com/url/5ab7fdaa6cc0cbc8e17965044afe3c47266819335a9fa5533004113664bbb4ef/analysis/1348486392/

As it happened with the other domain characterization engines, the data returned by Webutation can be used for building customized scoring systems for full URLs.

Webutation, once again, thanks for your collaboration!

Read More

VirusTotal += Palevo Tracker

It seems that lately it is all about domain scanners/datasets, today we have included Palevo Tracker. Palevo is a worm that spreads using instant messaging, P2P networks and removable drives (like USB sticks), Palevo Tracker records the C&C hosts being used by the worm variants.

Since it is a malicious domain dataset it appears in the additional information section of URL reports, characterizing the hosts of the submitted URLs, you may refer to the additional information tab of this scan in order to see its output:

https://www.virustotal.com/url/7c22fa416c960e715d8b1e9ff6cdd160d676c081136f520d9dca2404706fb007/analysis/1339404171/

It is already the 3rd dataset belonging to abuse.ch that we integrate (the previous ones where Zeus Tracker and SpyEye Tracker), we are really grateful to them and would like to congratulate them for the great work they are doing.

Read More

VirusTotal += hpHosts

This morning we announced that we had integrated Malware Domain Blocklist in VirusTotal's URL scanning engine. Continuing the trend of including domain scanners and datasets, we have just added hpHosts and we would like to give them a really warm welcome.

hpHosts maintains an online list of domains involved in some sort of malicious activity. The good thing about hpHosts is that it provides a very rich set of classifications for domains:

• Domains being used for advert or tracking purposes.
• Domains engaged in the distribution of malware (e.g. adware, spyware, trojans and viruses etc).
• Sites engaged in or alleged to be engaged in the exploitation of browser and OS vulnerabilities as well as the exploitation of gray-matter.
• Sites engaged in the selling or distribution of bogus or fraudulent applications.
• Sites engaged in astroturfing otherwise known as grass roots marketing.
• Persons caught spamming the hpHosts forums.
• Sites engaged in browser hijacking or other forms of hijacking (OS services, bandwidth, DNS, etc.).
• Sites engaged in the use of misleading marketing tactics.
• Sites engaged in Phishing.
• Sites engaged in the selling, distribution or provision of warez (including but not limited to keygens, serials etc), where such provisions do not contain malware.

This enhances the information rendered in the additional information section of VirusTotal reports, it is precisely there where this tool appears because it characterizes domains rather than URLs:

This is an example of a report with such information:

https://www.virustotal.com/url/7821723d934b28639a70b11aec624f16f6126bf16491a7d2093e8e9c6c02fe88/analysis/1339091144/

We started processing the hpHosts dataset today, hence, all new domains they classify from now onwards should be visible to VirusTotal.

As it happened with the Malware Domain Blocklist information, the data returned by hpHosts can be used for building customized scoring systems for full URLs.

hpHosts, once again, thanks for your collaboration!

Read More