List of entries in category [News]
[News] 

04 April 2006

Presentation

hello world!
[News] 
After more than a year and a half open to the public, we've decided to create this blog to have more direct contact with the people involved in this project: users, CERTs, AV vendors, etc. This will be a place for discussing news about malware, new AV technologies, features of VirusTotal, etc. Suggestions and constructive criticism will also be welcome.

Sent by jcanto @ 12:38 | Permalink | Comments (2) | Trackbacks (0)
19 April 2006

New response system

one by one
[News] 
Finally, after some days of tests, we've made public the new response system for the service. We hope you find it friendlier as well as more informative. Right now we're including the Sandbox result from the Norman engine, besides packers detected by F-Prot, and some other data like hashes and file size.

Sent by jcanto @ 12:03 | Permalink | Comments (6) | Trackbacks (1)
27 April 2006

VirusTotal += Microsoft

codename: Microsoft Malware Protection
[News] 
We've just added the Microsoft engine to the list of engines used in the service. It is too soon to have an accurate idea of detection rates and so on, but time will tell. An interesting inclusion anyway.

Sent by jcanto @ 11:12 | Permalink | Comments (38) | Trackbacks (1)
09 May 2006

VirusTotal -= Avira Desktop

now only Antivir will appear
[News] 
At the request of the company, we have stopped using the Avira Desktop engine, and now only Antivir will appear in the scanning results. After the 'union' of Avira and H+BEDV, this is something that had to happen.

Sent by jcanto @ 12:56 | Permalink | Comments (9) | Trackbacks (0)
23 May 2006

VirusTotal += Authentium

Command joins the service
[News] 
A new company has joined the VirusTotal service: Authentium with their Command Antivirus. Although this product is based on F-Prot technology, it also includes their own 'flavour' (quoting their product's website): 'Based on the proven F-Prot Professional scanning engine and Authentium TSX Dynamic Scanning Technologies'.

Sent by jcanto @ 08:01 | Permalink | Comments (4) | Trackbacks (0)
13 June 2006

VirusTotal += VirusBuster

Hungarian technology
[News] 
A new product joins the VirusTotal service: VirusBuster, from the company with the same name. This Hungarian antivirus has been around for many years.

Sent by jcanto @ 18:52 | Permalink | Comments (9) | Trackbacks (0)
04 July 2006

On our way towards VirusTotal 2.0: We need your help

[News] 
The inception of VirusTotal had nothing to do with business plans or profit. It stemmed from a tool that we had developed internally at our Lab at Hispasec in order to perform our own tests with malware samples and AV programs. Among other things, it let us know retroactively all reaction times taken by the engines to detect a given sample. Its original name was SAV, which is what we still use internally.


One day we realized that the basic function of SAV, i.e. analyzing a sample with several AV engines, could be useful to users and we questioned ourselves: Why don't we make it public? And thus VirusTotal was born.


It has been barely two years since VirusTotal saw the light as a project in collaboration with 11 AV engines, and we still had our doubts about whether you would find it useful or not. Nowadays, VirusTotal processes over 5,000 samples daily that are analyzed by 26 AV engines, and there are 7 additional AV engines that have requested their incorporation into the project.


Recently, a VirusTotal committee has been formed by those AV companies that have shown a special interest in our project. Those AV companies are Avira, ESET, Ikarus, Fortinet, Grisoft, Kaspersky, McAfee, and Panda, and we expect the committee to increase in number with the remaining AV companies that participate in VirusTotal. The members that belong to the VirusTotal committee may propose needs, functionally as well as statistically, and they are informed in a timely manner about all issues pertaining to the VirusTotal project. Their varied representation guarantees VirusTotal's transparency and independence versus individual interests.


Besides counting on the collaboration of AV companies, VirusTotal's real success is due to the great reception it has among all of you who use it and feed it new samples, from CERTs to end users. VirusTotal would make no sense without your participation, nor would it have grown the way it has during these past two years. Thank you very much for your collaboration.


We have become aware that we are experiencing a severe bottleneck, since the number of samples for analysis keeps on growing, and so does the number of AV engines that participate in said analysis, which leads to a longer wait for results. One of the ways to grow and develop VirusTotal further means incorporating powerful hardware, and in fact we have already purchased some new servers. Nevertheless, if anybody from Intel or AMD, or any company devoted to server assembly, wants to sponsor us by providing a "supermachine", it will be more than welcome ;)


Besides improving our hardware, we think software will prove to be a major push. That is the reason we have been working on a new version of VirusTotal to increase speed and the amount of parallel analysis, with more engines and in a faster fashion. We are certainly hopeful, since we have increased our present capacity tenfold in the tests we are carrying out.


Besides tackling this obvious issue, we would like to know what other improvements and/or functionalities you would like to add to VirusTotal. Your opinion weighs heavily in this project. Write your comments or suggestions in our blog or send them directly to info@virustotal.com


We take this opportunity to thank you for your collaboration.

Sent by bquintero @ 11:23 | Permalink | Comments (44) | Trackbacks (0)
05 September 2006

Banking Trojan Captures User's Screen in Video Clip

[News] 
"Keylogger" trojans are hidden programs that collect and store the keys pressed by the user to forward them to a third party. This way, the attacker receives a file containing the information the affected user has written (passwords, messages, etc.).


Many banking institutions have introduced the so-called "virtual keyboard" in an attempt to mitigate the activity of this type of trojan. It is an on-screen graphical representation of a keyboard that the user can use to enter his data by pressing the virtual keys with his mouse instead of using his traditional keyboard.


Today we will analyze a new banking trojan that is a qualitative step forward in the dangerousness of these specimens and a new turn of the screw in the techniques used to defeat virtual keyboards. The novelty of this trojan lies in its capacity to generate a video clip that stores all the activity onscreen while the user is authenticating to access his electronic bank.


The video clip covers only a small portion of the screen, using the cursor as reference, but it is large enough for the attacker to watch the legitimate user's movements and typing when using the virtual keyboard, so that he gets the username and password without going to any further trouble.


The key to developing successful policies to counteract malware is to know its techniques in detail. To achieve this we need to go one step beyond the empirical analysis of specimens found in the wild, i.e. the results we get by executing the trojan; we must take one step forward and analyze its code.


In-Depth Analysis (PDF):

http://www.hispasec.com/laboratorio/banking_trojan_capture_video_clip.pdf


In the following URL you will find a video clip/flash that illustrates the performance of the trojan in an infected system and the data sent to the attacker:

http://www.hispasec.com/laboratorio/troyano_video_en.htm

Sent by bquintero @ 13:14 | Permalink | Comments (11) | Trackbacks (1)
13 October 2006

New technique against virtual keyboards

[News] 
A new trojan banker combines key logging with an optimized technique for virtual keyboards.

Every time the user clicks on the virtual keyboard, the trojan performs a series of small screen captures of the area that surrounds the cursor. It also adds a small red arrow that pinpoints the exact place the user clicked, so that the attacker can clearly see the key the user selected.

It has been specifically designed for banking institutions in Argentina, Bolivia, Brazil, Cape Verde, Spain, USA, Paraguay, Portugal, Uruguay, and Venezuela.

In-Depth Analysis: New technique against virtual keyboards.pdf (PDF)

In the following URL you will find a video/flash that illustrates the performance of the trojan in an infected system and the data sent to the attacker: Cajamurcia Video

Sent by fsantos @ 13:09 | Permalink | Comments (7) | Trackbacks (0)
24 October 2006

News at VirusTotal

more scanning power and new features
[News] 
We’ve finally finished some heavy changes at VirusTotal that will help deal with the increasing workload the service has experienced these last weeks. Although there will be no differences in the visual aspect of the service, users will notice that waiting times for having their samples processed have been reduced considerably compared to the ones experienced these last months.

Besides these internal changes, we’ve included new features and modified others. The mail interface returns extra information as the web one does, such as some useful data about the file processed and notes given by some engines, like packers detected or the result of the Norman Sandbox when it returns something. In this same field, we’ve included a new command in that interface: sending samples with ‘scan+xml’ as the subject will return results in XML format. Although the information received will not differ from the usual format, this more formal response will help automated processing of these emails. This kind of processing is common for some regular users of the service like some CERTs and other institutions.

After finishing all these deep internal changes, we’ll start to work once again in the field of the engines, updating some of those already included and preparing the integration of new ones that have been in the queue for some time to be part of the service.

We hope all these changes are welcome for users of the service.

Sent by jcanto @ 11:10 | Permalink | Comments (21) | Trackbacks (0)