Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Funding/M&A

Why Google Acquired VirusTotal

Google has always had a sharp nose for rising Internet trends. Just recently, the search giant announced that it had acquired VirusTotal, an anti-malware start-up company to beef up protection for its Internet services.

Google has always had a sharp nose for rising Internet trends. Just recently, the search giant announced that it had acquired VirusTotal, an anti-malware start-up company to beef up protection for its Internet services.

Google Buys VirusTotalVirusTotal is a website that provides free scanning of files for viruses. It currently uses up to 44 different ant-virus products to scan the files, uploaded by the site’s users. As a result, the site holds a vast database of both malicious and benign files, uploaded to the site by its user community.

Google realized that the lack of a community based reputation feed was a key a gap in their offering and filled that hole with this acquisition.

The Social Engineered Malware Infection Challenge

When hackers try to infect a victim’s computer with malware, they have two main options to do so.

The first is by using a vulnerability exploit, by thus tricking some software component (E.g. browser/OS/plug-in) to execute malicious content without the user consent. For example, a malicious shell code embedded within a PDF that exploits vulnerabilities within Adobe’s Reader.

The second is using social engineering – tricking the user to install this program. Some common social engineering tricks are the “Fake Anti Virus” and the “Fake CODEC” scams. In the “Fake Anti Virus” scam, the malicious site displays a message “you are infected with a virus, you can cure your machine by installing the following AV software”, when actually the promised “AV software” is a malware. In the “Fake CODEC” scam, the malicious site promises some multimedia content (usually a movie of an adult nature). When the user attempts to watch the content, the site displays a message “in order to watch the video you must upgrade your player”. Once more, the “player upgrade” is actually a malware.

While from a technical point of view, the exploit option may seem to be the cooler option of the two, studies show that users are four times more likely to be tricked into downloading malware than be compromised by an exploit.

Fighting Socially Engineered Malware Infections with a Community Based Reputation Feed

Modern browsers protect their users from malware infections, by including reputation feeds. While URL reputation feeds have some success against exploit based infections, they prove to have very little success against social engineering based infections, as depicted below, where IE 9 is the obvious exception.

Most Secure Web Browser

Figure 1- NSS labs results from August 2011

What makes IE 9 so successful in stopping social engineering based infections? The SmartScreen filter technology. A key element in the SmartScreen filter technology is a community based reputation feed. The IE browser allows its users to share their file download information automatically and anonymously to the benefit of the whole community. With that, the community gets warned not only against known bad files, but also on previously unknown files. Since the malware masquerades itself as a legitimate and popular software, it’s highly unreasonable for it to be the first time it was downloaded. Therefore, it is very efficient and helpful mechanism in mitigating social engineering based infections.

SmartScreen Filter Blocking Social Engineering Attacks

In buying VirusTotal, Google provided itself with an access to a community based reputation feed. They will probably leverage this valuable data in order to provide Chrome’s and other Google services’ users with better malware protection.

The acquisition of VirusTotal by Google signals that community based reputation feeds is a key element in a modern protection suite. We should expect the offering of such feeds soon in all of the different areas of security.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Funding/M&A

Tenable has launched a $25 million venture fund to place bets on early-stage startups in the exposure management space.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.