Wednesday, March 29, 2017
Home / Malware / Analysis / VirusTotal now analyzing Your Network Traffic

VirusTotal now analyzing Your Network Traffic

The popular VirusTotal service, which was recently bought out by Google and can run more than 20 anti-virus scanners over a sample in one pass, can now also look for traces of malware infections in captured network traffic.

279528f7c90c0c5a

To perform a check, users upload network packets that are captured in the common PCAP format instead of sending VirusTotal the more traditional suspicious EXE, PDF or HTML file.

Such network traffic dumps can be created with sniffers like Wireshark or tcpdump. VirusTotal will extract all transmitted files and present them to the familiar virus scanners; registered users will also receive copies of the extracted files. The scan service also looks at the network traffic data with the Snort and Suricata intrusion detection systems. These services can, for instance, detect the communication between a botnet client and its command & control server, as well as other typical attack patterns.

The analysis that VirusTotal executes can, in essence, also be performed by manually running each scanner one by one. The new analysis feature isn’t aimed at amateur users – who will likely not make much of messages such as “NETBIOS SMB-DS DCERPC NetrpPathCanonicalize request (possible MS06-040)” – but for administrators and security specialists, it provides a very quick way of extracting useful information.

Originally posted: www.h-online.com

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …