Information Technology Security – Sensitive Information Being Uploaded to VirusTotal
Antivirus vendors and many other security vendors subscribe to VirusTotal Intelligence in order to analyze the malware specimens that are uploaded to VirusTotal. In this article I try to describe the threat trends around this. VirusTotal analyzes suspicious files for free, so anyone can use it freely. However, some of the uploaded Office documents and exe files contain information that is marked for internal use only; the people who uploaded them were presumably not fully aware of how VirusTotal works.
Once a file has been uploaded to VirusTotal, VirusTotal Intelligence subscribers can freely obtain it, regardless of whether or not it is malware.
1- Analysis of suspicious URLs: Any user can select a file from their PC using their browser and send it to VirusTotal. The web interface has the highest scanning priority among the publicly available submission methods.
2- Analysis of suspicious files: Besides Office files, a particularly large number of uploads are e-mail format files exported from Outlook and other mail clients (.MSG or .Email files). Quite a few e-mail format files that do not contain malware have been uploaded from Japan. On many days more than 100 e-mail format files are uploaded, and many of them can be seen to include sensitive information from exchanges with customers.
3- Email submissions: Are these non-malware files really obtained by other organizations and people after they are uploaded to VirusTotal? To confirm this, I uploaded Excel files with an embedded beacon (containing no malware) to VirusTotal. The beacon is a mechanism that sends a request to a server when the file is opened; because the request goes to a server that the file's creator manages, the creator can see that the file has been opened on some system. Over a period of several days after the upload, I confirmed that beacons arrived from various countries at irregular intervals.
4- VirusTotal Public API: Malware uploaded to VirusTotal appears to be run in a number of sandboxes around the world, but this test shows that even a document file that was not judged to be malware is opened merely because it was uploaded. Some of the beacons came from IP addresses that appear to belong to sandboxes, but the possibility that the file was opened on systems for a purpose other than malware analysis cannot be ruled out.
5- VirusTotal Windows Uploader: This is a Windows desktop application that lets you send files or other documents to VirusTotal with just two mouse clicks. It uses the public web interface form in its code, so it also has the highest scanning priority.
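A pre-submission gate for the risk described above, as an added example (not code from the original article or from VirusTotal): it flags exported e-mail files and documents carrying classification markers before anyone uploads them, and returns the SHA-256 so the file can be searched for on VirusTotal by hash instead of being uploaded. The marker strings, the `.eml` extension, the size limit and all function names are assumptions for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePath

# Assumed local policy for this example, not VirusTotal settings.
MAIL_EXTENSIONS = {".msg", ".eml"}
MARKERS = (b"internal use only", b"confidential")
MAX_MEMBER_BYTES = 5_000_000  # skip oversized zip members instead of unpacking them


def searchable_bytes(data: bytes) -> bytes:
    """Unpack the XML parts of OOXML (zip) documents; other files are searched raw."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = [zf.read(i) for i in zf.infolist()
                     if i.filename.endswith(".xml") and i.file_size <= MAX_MEMBER_BYTES]
        return b"\n".join(parts)
    except zipfile.BadZipFile:
        return data


def pre_upload_check(name: str, data: bytes) -> dict:
    """Decide whether a file may leave the organization; always return its SHA-256."""
    reasons = []
    if PurePath(name).suffix.lower() in MAIL_EXTENSIONS:
        reasons.append("exported e-mail message")
    haystack = searchable_bytes(data).lower()
    for marker in MARKERS:
        # .msg and legacy Office files may store text as UTF-16LE, so test both forms.
        if marker in haystack or marker.decode().encode("utf-16-le") in haystack:
            reasons.append(f"marker: {marker.decode()}")
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "upload_allowed": not reasons, "reasons": reasons}


def sample_docx(text: str) -> bytes:
    """Constructed sample input: a minimal zip with one word/document.xml part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", f"<w:document><w:t>{text}</w:t></w:document>")
    return buf.getvalue()


if __name__ == "__main__":
    for name, data in {
        "plan.docx": sample_docx("Roadmap - Internal Use Only"),
        "customer.msg": "Dear customer".encode("utf-16-le"),
        "setup.exe": b"MZ\x90\x00constructed bytes",
    }.items():
        print(name, pre_upload_check(name, data))
```

Text that Word splits across several runs will not match a marker, so a clean result means "no marker found", not that the file is safe to share.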