It was not really clear in which direction Virustotal was heading after the acquisition of the service by Google was officially announced. Some feared that it would be integrated into core Google services and shut down, while others had hopes that the service would benefit from the parent company's vast resources.
The service improved afterwards, raising the maximum file size limit to 64 Megabytes in the process and eliminating nearly all of the wait time that users of the service experienced before the acquisition.
Virustotal announced the addition of a new feature two days ago on the official company blog. The service supports the analysis of so-called PCAP data now. PCAP - PAcket CApture - files contain captured network traffic. One use in this regard is the capturing of network traffic during software installations or while software is running that you want to analyze to find out if unauthorized connections are being made, and if this is the case, to which servers. Previously, you were able to scan the file on Virustotal, but that did not necessarily tell you anything about the connections that it made while it was running.
Here is one suggestion on how to make use of the new feature:
Virustotal will scan the file with all scanners as usual, but use the intrusion detection systems Snort and Suricata afterwards to analyze the traffic. It performs a couple of operations that include:
The analysis of network traffic opens up additional possibilities in regards to Virustotal and the service that it makes available. It can be used for other purposes besides monitoring traffic of a sandboxed application. This may include logging the network traffic of a system on boot and shortly thereafter or recording browser exploitation traces.
The feature is a welcome addition to the Virustotal arsenal even though it may be used almost exclusively by security researchers. (via)Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.