The VirusTotal Monitor service lets developers upload files to a private cloud, where they are scanned every day using the anti-malware solutions of the different antivirus vendors on VirusTotal.
Whenever the service flags a file as malicious, VirusTotal notifies the antivirus vendor and the developer.
Naturally, files analyzed by the VirusTotal Monitor service remain private and will not be shared by the company with third parties.
The service provides an interface that lets developers upload files and a dashboard that displays the scan results. Both developers and AV companies can access the dashboard. The service also provides APIs for integrating Monitor with tools implemented by developers and antivirus vendors.
“Enter VirusTotal Monitor. VirusTotal already runs a multi-antivirus service that aggregates the verdicts of over 70 antivirus engines to give users a second opinion about the maliciousness of the files that they check.” reads the announcement published by VirusTotal.
“For antivirus vendors this is a big win, as they can now have context about a file: who is the company behind it? when was it released? in which software suites is it found? What are the main file names with which it is distributed? For software developers it is an equally big win, as they can upload their creations to Monitor at pre-publish stage, to ensure a release without issues.”
VirusTotal announced that the Monitor service is not a “get pass” for getting a file whitelisted.
“Sometimes vendors will indeed decide to keep detections for certain software, however, by having contextual information about the author behind a given file, they can prioritize work and take better decisions, hopefully leading to a world with less false positives,” continues the announcement.
“The idea is to have a collection of known source software, then each antivirus can decide what kind of trust-based relationship they have with each software publisher.”
The service can be tried through this link: VirusTotal Monitor.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.