Popular malware aggregation repository VirusTotal has launched its Monitor tool, intended to mitigate the process by which legitimate files are labeled as malicious.
Created in 2004, and now owned by Chronicle, a subsidiary of Alphabet Inc., VirusTotal works by aggregating over 70 antivirus scanners that can detect and flag malicious files that users upload.
But the scanners are not always accurate, and some software developers have had their creations mistakenly flagged as malware, creating what is known as a false positive. According to VirusTotal, false positives can lead to reputation damage for the antivirus vendor, a loss of access and trust for end users, and a drop in revenue for software publishers.
VirusTotal’s Monitor tool was created to combat these issues. It works by allowing developers to upload their software to a private cloud, the contents of which are scrutinized by VirusTotal’s dozens of scanners.
If a file is flagged as malicious, then both the software developer and the antivirus vendor are automatically notified, and the vendor is given access to the file and its metadata. The metadata, which includes the company behind the software and its contact information, can then be used to connect with the software developer and correct the false positive.
VirusTotal says Monitor is a win for both antivirus vendors and software developers alike. With it, vendors will have access to more information about a file than before, and, because the tool is an automated process, developers will no longer have to interact with 70 different vendors if an issue arises.
The tool comes after VirusTotal announced in January that it would include a new graphing feature to aid investigations by helping chart relationships across files, URLs, domains and IP addresses.
VirusTotal has also made headlines for its applications in identifying, and in some cases, helping, cyber criminals. In 2014, several high-profile hacking groups were caught using the tool to hone malicious code by running it through VirusTotal’s antivirus scanners.
In February, evidence posted to VirusTotal’s public repository suggested that the same hackers behind the Olympic Destroyer malware that targeted this year’s Olympic Winter Games in Pyeongchang, South Korea, also penetrated computer systems belonging to Atos, the company that hosted the cloud infrastructure for the Olympic Games, in December 2017.