
There is a well-respected and very useful site that everyone in the anti-virus industry uses, sometimes several times a day: Virus Total. You can upload suspicious files or their checksums to Virus Total to see if a file is malicious. The makers of a new rogue have picked up on the Virus Total name in an effort to make their malicious creation look like something legitimate:

Virus_total detection

What it tries to download is detected as FraudTool.Win32.FakeRean (fs).

Here’s what the real Virus Total site looks like. It basically runs your code sample or checksum against 41 anti-virus engines and displays the resulting detections.

Real Virus Total


We’ve entered the MD5 checksum of the VIPRE detection (above) and copied here a portion of the Virus Total page (32 detections cut out) with the Sunbelt detection highlighted:

Virus total working

Nice work, Bharath.

Tom Kelchner