Tries to exploit its popularity

Aug 5, 2010 13:18 GMT

Security researchers warn that a new piece of scareware is trying to exploit the popularity and brand awareness of the VirusTotal (VT) online file scanning service. Named VirusTotal 2010, the rogue application is detected by over half the antivirus engines currently supported by VT.

VirusTotal is an online service that can be used to scan suspicious files in order to see if they are detected as malicious by various antivirus products. “VirusTotal is a service developed by Hispasec Sistemas, an independent IT Security laboratory, that uses several command line versions of antivirus engines, updated regularly with official signature files published by their respective developers,” an official description reads.

The VT website, which is available in over twenty languages and is used by hundreds of thousands of users and professionals on a daily basis, employs 41 antivirus engines and 4 tools. Even people who have never personally used the service are likely to have seen it mentioned in security news articles, which regularly contain links to VT file analyses.

The new VirusTotal 2010 scareware trying to exploit some of this popularity was found by security researchers from antivirus vendor Sunbelt. “The makers of a new rogue have picked up on the Virus Total name in an effort to make their malicious creation look like something legitimate,” they write on the company's blog.

The term scareware refers to applications that often masquerade as legit antivirus programs and try to trick users into paying a license fee. In order to do this, they display fake security alerts about fictitious threats allegedly found on the victim's computer.

Cyber criminals have made a habit of trying to capitalize on the popularity of news stories, events or even products or services, as in this case. And this is not the first time the VirusTotal brand has been abused. Back in February, we reported on a scareware-related spam campaign using a domain with “virus total” in its name.

You can follow the editor on Twitter @lconstantin