InfoSec News

The Good, the Bad and the Unknown Online Scanners

Online virus scanners are quite common services, usually offered by individual anti-virus vendors, and most major AV vendors offer one.
But sometimes you may want to check whether other AVs see anything malicious in a file, and for this reason the online multi-AV scanners exist.
Over the past few years we saw really good examples of these services, such as Hispasec's VirusTotal and many others, which, while they should not be
used as an AV comparative test, will give a good idea of whether a file is malicious or not.

The good multi-AV online scanners provide a good level of information to the community, such as allowing searches based on the file hash, and
some level of feedback to the security companies.

However, the malware writers also found out about it and are now looking for such services that are not willing to contribute to the security

What follows below is a compiled list that I've been observing and researching for some time.

I classified them as RED, YELLOW and GREEN.

RED means the service is/was actively being used by malware writers/cyber criminals to create/verify malware.
YELLOW means that I consider it suspicious but could not find enough info to classify it as RED.
GREEN means general-purpose AV scanner websites that contribute/share results with the AV industry.

- GREEN - GREEN - GREEN - GREEN - GREEN - YELLOW - YELLOW - YELLOW - YELLOW - RED - RED - RED - RED - RED - RED

Another technique used by the malware writers is the use of standalone multi scanners, where KIMS seems to be the most popular one.

So, from now on, before you scan your file, I would recommend those marked as Green.

If you have good info about the ones marked as Yellow, please share it with me and I will update this diary as needed.

Handler on Duty: Pedro Bueno ( pbueno // isc. sans. org)
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
