There is a well-respected and very useful site that everyone in the anti-virus industry uses, sometimes several times a day: Virus Total. You can upload suspicious files or their check sums to Virus Total to see if a file is malicious. The makers of a new rogue have picked up on the Virus Total name in an effort to make their malicious creation look like something legitimate.
What it tries to download is detected as FraudTool.Win32.FakeRean (fs).
Here's what the real Virus Total site looks like. It basically runs your code sample or check sum against 41 anti-virus engines and displays the resulting detections.
We've entered the MD5 check sum of the VIPRE detection (above) and copied here a portion of the Virus Total page (32 detections cut out) with the Sunbelt detection highlighted.
Nice work, Bharath.
Tom Kelchner