What’s in a (rogue) name? VirusTotal 2010

There is a well-respected and very useful site that everyone in the anti-virus industry uses – sometimes several times a day: Virus Total. You can upload suspicious files or their checksums to Virus Total to see whether a file is malicious. The makers of a new rogue have picked up on the Virus Total name in an effort to make their malicious creation look like something legitimate:

[Image: Virus Total 2010 rogue detection]

What it tries to download is detected as FraudTool.Win32.FakeRean (fs).

Here’s what the real Virus Total site looks like. It basically runs your sample file or checksum against 41 anti-virus engines and displays the resulting detections.

[Image: the real Virus Total site]

We’ve entered the MD5 checksum of the VIPRE detection (above) and copied here a portion of the Virus Total results page (32 detections cut out) with the Sunbelt detection highlighted:

[Image: Virus Total results with the Sunbelt detection highlighted]
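The lookup described above (compute a checksum, send it to Virus Total, count how many engines flag the file and pick out one vendor’s detection) is easy to script. The following is an added example written for this post, not code from the original page or from Virus Total. It hashes a constructed byte string in place of a real sample, builds (but does not send) the lookup request against the VirusTotal v3 `files/{hash}` endpoint, and summarizes a constructed report whose layout is modeled on that API’s `last_analysis_results` field; the engine names other than Sunbelt and the report contents are assumptions.

```python
import hashlib
import json
import urllib.request

# Constructed stand-in for a suspicious file; not a real executable.
SAMPLE_BYTES = b"constructed sample bytes, not a real file\n"

# Constructed report shaped like a VirusTotal v3 /files/{hash} response (assumed layout).
# Only the Sunbelt detection name comes from the post; the other vendors are made up.
CONSTRUCTED_REPORT = json.dumps({
    "data": {
        "attributes": {
            "last_analysis_results": {
                "Sunbelt": {"category": "malicious", "result": "FraudTool.Win32.FakeRean (fs)"},
                "VendorA": {"category": "malicious", "result": "Trojan.Generic.Example"},
                "VendorB": {"category": "undetected", "result": None},
                "VendorC": {"category": "type-unsupported", "result": None},
            }
        }
    }
})


def file_hashes(data: bytes) -> dict:
    """Return the checksums Virus Total accepts as lookup keys (MD5, SHA-1, SHA-256)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_lookup_request(file_hash: str, api_key: str) -> urllib.request.Request:
    """Build the hash-lookup request for the VirusTotal v3 API without sending it.

    The caller can pass the result to urllib.request.urlopen when online; the
    API key header name is the one the v3 API documents (x-apikey).
    """
    url = "https://www.virustotal.com/api/v3/files/" + file_hash
    return urllib.request.Request(url, headers={"x-apikey": api_key})


def summarize_report(report_json: str, highlight: str) -> dict:
    """Count engines and detections in a report and pull out one vendor's verdict.

    Returns the number of engines that scanned the file, how many called it
    malicious, the distinct detection names, and the highlighted vendor's name
    for the file (None if that vendor did not flag it).
    """
    report = json.loads(report_json)
    results = report["data"]["attributes"]["last_analysis_results"]
    malicious = {
        engine: entry["result"]
        for engine, entry in results.items()
        if entry.get("category") == "malicious"
    }
    return {
        "engines": len(results),
        "detections": len(malicious),
        "names": sorted(set(malicious.values())),
        "highlighted": malicious.get(highlight),
    }


if __name__ == "__main__":
    hashes = file_hashes(SAMPLE_BYTES)
    print("MD5:", hashes["md5"])
    req = build_lookup_request(hashes["sha256"], "YOUR_API_KEY_PLACEHOLDER")
    print("Would query:", req.full_url)
    print(summarize_report(CONSTRUCTED_REPORT, "Sunbelt"))
```

Submitting the checksum rather than the file is the right default when the sample may contain anything sensitive: the hash reveals nothing about the file’s contents, and if Virus Total has already seen it the report comes back immediately.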

This Post Has One Comment

  1. Omid Farhang
    Anonymous

    Nice write-up, Omid.
