Recently a colleague (not in this firm) who had experienced a phishing attempt indicated that she had not only permanently deleted the phishing message (that is, deleted it from her Trash folder), but had run a utility program to “clean” her machine (the name of the program is beside the point). I had not heard of the program, so I went to a trusted security source to look it up. I found the utility listed, and the search result was what I had suspected.
My colleague’s beloved utility is an established program, but it had gone rogue: a Trojan had been detected in the latest version. And her antivirus completely missed it. As I mentioned in last week’s Fix It Friday, many consumers get a nasty surprise from trusted, established programs going rogue. And some malware masquerading as an app functions the way the app should, at least initially, convincing the user the app is legit.
Especially in the realm of freeware, the motto “Buyer Beware” should be the rule of thumb. Initial checks are great, but ongoing monitoring of the legitimacy of the code, by whatever name you want to call it (app/plugin/extension/software), is on you.
The problem? Any one antivirus software package designed for home use catches about 66% of extant threats. So what about the other third?
The digital products of large corporations undergo continuous scrutiny, so bugs and vulnerabilities come to light, with information about them disseminated across web sites and Twitter almost in real time! But products from smaller entities (including individuals), like utility programs, apps, extensions, etc., do not undergo the same ongoing crowd-sourced scrutiny. Add to the mix the 2/3 efficacy of most antivirus applications, and this can be a substantial exposure for many users. That’s where VirusTotal comes in handy.
VirusTotal allows users to submit code and URLs, which the service and its partners then run through 70 anti-virus programs and URL/domain blacklisting services, plus a bunch of other tools designed to sniff out malicious code. The results are aggregated and shared via the web site. The malware that gets past the average antivirus likely won’t sneak past VirusTotal.
The database of programs and the archive of the outcomes of their scans are easily searchable. The utility my colleague used had a long history of scans, and the latest one had detected the Trojan. With the information about the version that had been run and the date, she can now determine if the code she had installed on her computer likely included malicious code and proceed accordingly.
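A search by program name finds the product; a search by file hash finds the exact build that was installed, and it uploads nothing. The sketch below is an added example, not part of the original post: it hashes a local installer, asks VirusTotal's public v3 API for the existing report on that hash, and summarizes the latest scan. The API key, the file path you pass in, and the sample report with its engine names are constructed for illustration.

```python
import hashlib, json, urllib.error, urllib.request
from datetime import datetime, timezone

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

def sha256_file(path):
    """Hash the installer on disk in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def fetch_report(sha256, api_key):
    """Return the report, or None if VirusTotal has never seen this hash."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:          # unknown hash: not the same as "clean"
            return None
        raise

def summarize(report):
    """Reduce a file report to what matters: who flagged it, and when."""
    if report is None:
        return {"verdict": "unknown", "flagged_by": [], "engines": 0, "scanned": None}
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    flagged_by = sorted(name for name, r in attrs["last_analysis_results"].items()
                        if r["category"] in ("malicious", "suspicious"))
    scanned = datetime.fromtimestamp(attrs["last_analysis_date"], tz=timezone.utc)
    # One lone detection can be a false positive; several engines agreeing is
    # the signal. A stale scan date means the verdict may predate a bad update.
    return {"verdict": "flagged" if flagged_by else "no detections at last scan",
            "flagged_by": flagged_by, "engines": sum(stats.values()),
            "scanned": scanned.date().isoformat()}

# Constructed sample in the shape of a v3 file report (engine names are made up).
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_date": 1700000000,
    "last_analysis_stats": {"malicious": 2, "suspicious": 1,
                            "undetected": 60, "harmless": 0},
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
        "EngineB": {"category": "malicious", "result": "Trojan.Agent"},
        "EngineC": {"category": "suspicious", "result": "Heuristic"},
        "EngineD": {"category": "undetected", "result": None}}}}}
```

With a key in hand, `summarize(fetch_report(sha256_file(path), api_key))` gives the verdict for the build actually on the machine, which is the version-and-date comparison described above.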
VirusTotal is free to non-commercial users. The code non-commercial users submit for scanning is a product VirusTotal provides to its commercial users (who do pay). It’s hard to see the downside for the non-commercial user searching for information on a piece of software or submitting code or a URL to be checked.
The upshot? Keep an eye on the tools you use, so you don’t inadvertently try to address an attempted cyber attack with malware you installed yourself.