According to PandaLabs, cyber-crooks are looking for ways to test their creations before distributing them. An investigation conducted by the malware analysis and detection laboratory at Panda Security has shown that cyber-crooks are collaborating on different forums and pages to develop test tools that replicate the scans of some of the leading security solutions. This allows them to check that their creations will go undetected before launching them.
"The tool is very similar to Hispasec's legitimate 'Virus Total' tool. In fact, the increasing interest in these new tools coincides with the removal of the 'do not distribute the sample' option in 'Virus Total', which allowed files to be scanned without sending the sample to security companies," explains Luis Corrons, Technical Director of PandaLabs.
From the point of view of a malware developer, one of the main goals when developing a new creation is to avoid antivirus detection, whether by signature or by heuristic technologies. There are different ways to do this, such as using the free online scanners offered by most vendors, but this is tedious, as you have to go from one to another all the time. These tools represent another piece of the new malware dynamic, in which cyber-crooks no longer seek to cause widespread alerts and make the headlines, but to go unnoticed. They therefore want to check that their creations are undetected by security companies before launching them.
"Even if their creations were detected by one or two companies, they could still launch them, as they would affect all users with different security technologies," says Luis Corrons.
When VirusTotal was born a few years ago, some people were claiming that it was being used by malware developers to test their creations. In some cases, we knew it was true, as we have seen advertisements in forums showing scanning results from VirusTotal and claiming that certain malware was not detected by any vendor. On January 3rd, VirusTotal decided to remove the option "Do not distribute the sample", so that each and every file could be sent to any antivirus vendor.
The tool follows an "install & forget" philosophy. Once you install it, you do not need to do anything else other than update it from time to time. If you take a look at the update option, you’ll see that the different signature files are updated. Its main disadvantage is the limited number of engines it uses, though this is likely to improve considerably in future versions.