Wednesday, August 1, 2007

I am the virus (virustotal.com)

The first rule of virus safety (well, maybe the third) is never open an attachment if you don't know what it is. Even if it seems to come from a trusted source, any unexpected attachment should be viewed with suspicion.

Now, many kinds of attachment couldn't contain a virus even if someone wanted them to. However, it is still good policy to be wary. A file may look like an innocent text file but actually be disguised with the double extension trick (a file named "file.txt.exe" would show up as "file.txt" on many computers, but run as a program).

It may also be hidden inside a .zip file. Some viruses are sent in an encrypted .zip file with the password in the body of the message. This often cannot be scanned by antivirus on the way in, and thus gets delivered to your mailbox.
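Both warning signs above, the double extension and the encrypted .zip, can be checked from file names and archive metadata without opening anything. The sketch below is an added example, not part of the original post; the extension lists and the function names are assumptions chosen for illustration, and the sample archive is constructed in memory.

```python
import io
import zipfile

# Assumed, non-exhaustive lists for illustration.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "gif", "xls", "zip"}


def has_double_extension(filename):
    """True for names like 'file.txt.exe': a decoy extension, then an executable one."""
    # Drop any folder prefix, then tolerate padding around each dotted part.
    parts = [p.strip().lower() for p in filename.rsplit("/", 1)[-1].split(".")]
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS


def inspect_attachment(filename, data):
    """Return a list of human-readable findings for one attachment."""
    findings = []
    if has_double_extension(filename):
        findings.append(f"double extension: {filename}")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                # Bit 0 of the general-purpose flags marks an encrypted entry.
                # With standard ZIP encryption the member name stays readable
                # even though the content cannot be scanned.
                if member.flag_bits & 0x1:
                    findings.append(f"encrypted member: {member.filename}")
                if has_double_extension(member.filename):
                    findings.append(f"double extension in archive: {member.filename}")
    return findings


def build_sample_zip():
    """Constructed sample: an in-memory archive with one suspicious member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("notes.txt", b"hello")
        archive.writestr("file.txt.exe", b"placeholder, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_attachment("documents.zip", build_sample_zip()):
        print(finding)
```

A finding here only says the attachment deserves suspicion; it says nothing about what the file actually contains.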

However, there may be times when you want to be sure about the file. That's when Virustotal is worth using.

Virustotal is simple: you upload the suspect file into their system. It is then checked against several antivirus vendors' records. This is useful because when a virus is new, not every antivirus product detects it.

A few months ago, I tried this on a suspected virus. It was indicated as a virus by about half the vendors. A few hours later, I tried again; this time everyone detected it.

It isn't foolproof, but it's a good way to check if you're not sure.