Pages

Tuesday, July 31, 2012

VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.


VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
No file selectedChoose File
Maximum file size: 32MB
You may prefer to scan a URL or search through the VirusTotal dataset

What is VirusTotal

VirusTotal is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
VirusTotal’s mission is to help in improving the antivirus and security industryand make the internet a safer place through the development of free tools and services.
VirusTotal's main characteristics are highlighted below.
Free independent service
VirusTotal is offered freely to end users as long as its use has no commercial purpose and does not become part of any business activity. Even though the service is made up of engines belonging to different enterprises and organizations, VirusTotal is completely independent from these partners, we do not distribute or advertise any products belonging to third parties, we simply act as aggregators of information. This characteristic prevents us from being subjected to any kind of bias and allows us to offer an objective service to our users.
Runs multiple antivirus engines and website scanners
VirusTotal simply acts as an information aggregator, the aggregated data is the output of different antivirus engines, website scanners, file and URL analysis tools and user contributions. The full list of antivirus solutions and website scanners used in VirusTotal can be found in the credits and collaboration acknowledgements section.
Runs multiple file and URL characterization tools
As previously stated, VirusTotal also aggregates the output of a number of file and URL characterization tools. These tools cover a wide range of purposes, ranging from providing structural information about Microsoft Windows portable executables (PEs) to identifying signed software. The full list of file and URL characterization tools used in VirusTotal can be found in the credits and collaboration acknowledgements section.
Real time updates of virus signatures and blacklists
The malware signatures of antivirus solutions present in VirusTotal are periodically updated as they are developed and distributed by the antivirus companies. The update polling frequency is 15 minutes, this makes sure that the products are using the latest signature sets.
Website scanning is done via API queries to the different companies providing the particular solution, hence, the most updated version of their dataset is always used.
Detailed results from each scanner
VirusTotal does not only tell you whether a given antivirus solution detected a submitted file, it also displays the exact detection label returned by each engine (e.g. I-Worm.Allaple.gen).
This feature is also present in URL scanners, most of them will discriminate malware sites, phishing sites, suspicious sites, etc. Moreover, some of the engines will provide additional information explicitly stating whether a given URL belongs to a particular botnet, which brand is targeted by a given phishing site, etc.
Real time global service operation statistics
Information about the number of resources (files and URLs) processed by VirusTotal can be found in the statistics section. These statistics provide a number of notions and groupings such as global detection ratios for the received files, submissions per country, most popular detection labels, etc. No statistics comparing the different antivirus products and website detection engines are generated neither will they be ever generated (on a public or private basis), even though their calculation is trivial, the reason behind this is that using VirusTotal for antivirus testing is a bad idea.
Automation API
File and URL scanning can be automated with a free public API. For obvious reasons (including prevention of competition with the antivirus products present in VirusTotal), the public API is subjected to a strong request rate limitation. Should a user require a higher request rate, a honeypot API is available for researchers and a private mass API is offered to individuals with commercial and product enhancement intentions. A detailed specification of the different APIs can be found in the advanced features section.
Online malware research community
In August 2010 VirusTotal integrated a pseudo-social network that allows its users to interact with other users and comment on files and URLs. These comments may range from deep malware analyses to information on the distribution vector and in-the-wild locations of the submitted files, hence, the community acts as the collective intelligence component of VirusTotal. Files and URLs can be voted as malicious or innoquous, building a community maliciousness score for the resource.
In other words, when security products fail (false positives/false negatives), there is still a chance that some VirusTotal Community user will have produced a useful review of the resource for its community peers.
Desktop applications for interacting with the service
With the aim of making the Internet a safer place VirusTotal's team has released a number of desktop applications and tools for interacting with the service (one-click file uploader, browser extensions, etc.). Many VirusTotal's users have also developed their own applications and have made them publicly available on the Internet. More information about these resources can be found in the advanced features section.

Governing principle

The most important rule governing VirusTotal's usage is that none of its publicly offered services/applications should be used in commercial products, commercial services or for any commercial purpose. In the same way, none of the services should be used as a substitute for security products. This is particularly critical and of utmost importance when dealing with the public API.
Additionally, as stated in the Terms of Service and Privacy Policy, when using VirusTotal the user explicily commits to:
  • Not use the services, products, content and/or tools that VirusTotal has made available, for illegal purposes or purposes expressly prohibited by the Terms of Service or the effects of which may infringe upon the rights or interests of VirusTotal or third-parties.
  • Abstain from any activity that could damage, overload, harm or impede the normal functioning of VirusTotal's websites. Similarly, and in accordance with applicable legislation, the user undertakes to refrain from illicitly or fraudulently obtaining site contents or stealing or plagiarising said contents.
  • Not to use the products, services, contents or tools for illicit purposes, or for any end which could hinder VirusTotal in any way.
  • Not to use the products, services, contents or tools in any way that could harm the antivirus industry/URL scanner industry, whether it is directly or indirectly.

How to send a file

A number of file submission methods are available in VirusTotal.
Web
Any user can select a file from his PC using his browser and send it to VirusTotal. The web interface has the highest scanning priority among the publicly available submission methods. Go to the main file scanning form.
VirusTotal Uploader
This is a Windows desktop application for sending files to VirusTotal with just two mouse clicks. It makes use of the public web interface form in its code, thus, it also has the highest scanning priority. Download VirusTotal Uploader.
Email
Lets you upload files via email and receive the scan results in your mailbox. The files are uploaded as email attachments and the results can be received either in plain text or XML. This interface has the lowest priority among the publicly available submission methods. Read more about email submissions.
Public API
Submissions may be scripted in any programming language using the HTTP based public API. The API has the second highest priority among the publicly available submission methods.

How to send a URL

As with files, URLs can be submitted via different means, these are detailed below:
Web
Any user can type a URL in his browser and send it to VirusTotal. The web interface has the highest scanning priority among the publicly available submission methods. Go to the main URL submission form.
VirusTotal's Browser Extension
VirusTotal's Browser Extension make use of the public web interface form in their code, thus, they also have the highest scanning priority. Download the appropriate VirusTotal Browser Extension for your browser.
Public API
URL submissions may be scripted in any programming language using the HTTP based public API. The API has the second highest priority among the publicly available submission methods.
Unlike file submissions, there is no email interface to support sending of URLs.

Important notes and remarks

VirusTotal: second opinion, not a product substitute
VirusTotal is not a substitute for any antivirus/secruity software installed in a PC, since it only scans individual files/URLs on demand. It does not offer permanent protection for users' systems either. At VirusTotal we think of our service as a second opinion regarding the maliciousness of your files/URLs.
Although the detection ratio achieved by the use of multiple antivirus engines/URL scanners is far superior than that offered by just one product, these results DO NOT guarantee the harmlessness of a file/URL. Moreover, the aggregate amount of false positives of multiple solutions is higher than that of any individual scanner.
Currently, there is no solution that offers 100% effectiveness in detecting viruses, malware and malicious URLs. You may become a victim of deceitful advertising, if you buy such a product under those premises.
Ethical and non-commercial use is a must
None of the services or applications publicly offered on this site should be used in commercial products, commercial services or for any business purpose. In the same way, none of the services should be used as a substitute for security products.
Similarly, VirusTotal should not be used in any way for unethical/malicious purposes.
More information on VirusTotal's usage terms can be found in the Terms of Service and Privacy Policy section.
BAD IDEA: VirusTotal for antivirus/URL scanner testing
At VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:
  • VirusTotal's antivirus engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions: for instance, desktop solutions may use techniques based on behavioural analysis and count with personal firewalls that may decrease entry points and mitigate propagation, etc.
  • In VirusTotal desktop-oriented solutions coexist with perimeter-oriented solutions; heuristics in this latter group may be more aggressive and paranoid, since the impact of false positives is less visible in the perimeter. It is simply not fair to compare both groups.
  • Some of the solutions included in VirusTotal are parametrized (in coherence with the developer company's desire) with a different heuristic/agressiveness level than the official end-user default configuration.
These are just three examples illustrating why using VirusTotal for antivirus testing is a bad idea, you can read more about VirusTotal and antivirus comparatives in our old blog. The Prevx team also made an entry in their blogdiscussing the matter.
False positives
Very often antivirus solutions and URL scanners will produce false positives, i.e. detect as malicious inoquous files and URLs. These erroneous detections may severely hinder the business activity/popularity of third party products (e.g. refrain access to a given site, disuade users from downloading and installing a given application, etc.).
VirusTotal simply acts as an information aggregator and cannot and will not be held responsible for these false positives. VirusTotal will not whitelist any files or URLs and will not remove any detections resulting from the normal operation of the products it makes use off. False positives should be dealt with the developer/company that offers the product generating the erroneous detection. Links to the sites of the developers/companies of all products/tools used used in VirusTotal can be found in the credits and collaboration acknowledgementssection.
Having said this, VirusTotal does offer a premium file detection monitoring service (VirusTotal Monitor) that acts as an early warning system about false positives. Files submitted to your premium account are periodically scanned with antivirus' latest signature sets, informing you immediately whenever any product flags any of your files as malicious. Should you be interested in receiving more information on this service do not hesitate to contact us.
VirusTotal and confidentiality
Files and URLs sent to VirusTotal will be shared with antivirus vendors and security companies so as to help them in improving their services and products. We do this because we believe it will eventually lead to a safer Internet and better end-user protection.
By default any file/URL submitted to VirusTotal which is detected by at least one scanner is freely sent to all those scanners that do not detect the resource. Additionally, all files and URLs enter a private store that may be accessed by premium (mainly security/antimalware companies/organizations) VirusTotal users so as to improve their security products and services.

Malware posing as email from Facebook on the prowl !

20 Jul, 2012, 3:27 pm IST | by Anuradha Shetty 

T
he next time you hit a link in an email seemingly from Facebook, spare a moment to read it. A malware has been reportedly targeting Facebook users by asking them to click a link in an email to view their photo on Facebook. Once someone has clicked on the link, it takes the victim to malware-ridden pages. SophosLabs recently managed to detect what it refers to as "a spammed-out email campaign"  that had been initiated to infect computers of the recipients of such emails. On the face of it, the email looks like one from Facebook. It is only upon closer inspection that the bluff gives away. 


See what's wrong?
See what's wrong?


Look carefully at the e-mail image above. While it may look like an absolutely harmless piece of information asking you to click on the link; closer inspection would reveal that the 'from' address misspells Facebook as Faceboook. If you do not spot the anomaly and click on the link, you will not be directed to a website with malicious iFrame script. Sophos reveals the script "takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware".

To keep the user in the dark further, the browser redirects within four seconds to the Facebook page of any other innocent user via a Meta redirect. SophosLabs have added detection of the malware as Troj/JSRedir-HW. At the moment, SophosLabs is still investigating on the malware, and will reveal details as soon as they're known. However, users are being urged to be more cautious when online.

Yesterday, reports about yet another malware had surfaced. Here, Sophos had pointed out that a malware attack had taken place and it was in an email in French attached with intimate photos that appear as if sent from Facebook. Here, miscreants tried to play havoc by alluring netizens to click on such photos, and have even been successful in getting people to click on them. Such instances are not new and in the past inboxes have been spammed with topless supermodel photos to spread Mac malware, or photos of an English football star caught in the act with a prostitute.  

At the moment though, caution seems to be the only solution. In this latest instance, SophosLabs added that even if a user missed spotting the extra 'o' in Faceboook, he could have smelt rat by hovering their mouse over the link. With the malware, ranging in intensity finding ways to seep into systems, users need to be more cautious, lest their precious security is compromised by miscreants.





Hackers Using Facebook To Get Your Social Security #  And Steal Your Identity


You make it easy for them, now they can get credit cards and car loans in your name, watch this video and heed the warning... you have been warned. also, last year, a computer was able to correctly guess the social security numbers of 9% of EVERYONE born after 1989 using info people publically submit on facebook... scary stuff indeed, i suggest everyone does what it says in this video, either that or risk someone opening up credit cards and getting loans in your name, there are two things in this video, i suggest you do both of them, these two things are not related to the computer getting info, at least not directly...



Ref:tech2.in.


Monday, July 30, 2012

Compare Health Profile: Singapore and Myanmar!



Data and statistics







Resources for the prevention and treatment of substance use disorders
The Global Information System on Resources for the Prevention and Treatment of Substance Use Disorders maps and monitors health system resources at the country level to respond to the health problems due to substance use.



Global Health Observatory

WHO's portal providing access to data and analyses for monitoring the global health situation


Health services

1.7 bedsper 100 000 population are available for the treatment of alcohol and drug use disorders.
Beds for the treatment of alcohol and drug use disorders

Pharmacological treatment

30%of countries have methadone and buprenorphine available for the maintenance treatment of opioid dependence.
More on the maintenance treatment of opioid dependence

Prevention

9%of countries have routine screening and brief interventions for alcohol use and alcohol use disorders in primary health care.
More about screening and interventions for substance use
















The World Health Report

Annual report with an expert assessment of global health including statistics. Focuses on a particular theme every year.WHS2012

 Key WHO publications

Key WHO publications

  • The World Health Report
    Annual report with an expert assessment of global health including statistics. Focuses on a particular theme every year.
  • International Pharmacopoeia
    Collection of quality specifications for pharmaceutical substances and dosage forms, for reference or adaptation by WHO Member States.

Journals














































WHO guidelines

WHO guidelines

Compare Health Profile: Singapore and Myanmar

Singapore




Statistics

Total population4,737,000
Gross national income per capita (PPP international $)47,970
Life expectancy at birth m/f (years)79/84
Probability of dying under five (per 1 000 live births)3
Probability of dying between 15 and 60 years m/f (per 1 000 population)76/42
Total expenditure on health per capita (Intl $, 2009)2,086
Total expenditure on health as % of GDP (2009)3.9
Figures are for 2009 unless indicated. Source: Global Health Observatory
Singapore Health Profile!




Myanmar



Map

Myanmar
This map is an approximation of actual country borders.



Total population50,020,000
Gross national income per capita (PPP international $)1,020
Life expectancy at birth m/f (years)61/67
Probability of dying under five (per 1 000 live births)71
Probability of dying between 15 and 60 years m/f (per 1 000 population)275/188
Total expenditure on health per capita (Intl $, 2009)23
Total expenditure on health as % of GDP (2009)2.0

Myanmar Health Profile!


Ref:Searo.who.int