Wednesday, April 2, 2008

New Little Feature

A new feature has been added to ThreatExpert reports that some researchers might find useful.

Whenever ThreatExpert comes across a filename or a threat name in a report, it checks whether that name was previously mentioned in other reports.

If it was, the name is accompanied by a link to a page that lists any findings associated with that name.

All filenames and threat aliases are cross-referenced by MD5.

In a certain way it is similar to VGrep.
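A minimal sketch of this kind of cross-referencing, added here as an example and not ThreatExpert's own code: it indexes filenames and threat aliases by sample MD5 and collects what other vendors call the same samples. The report layout, vendor labels and MD5 values are constructed for illustration.

```python
import re
from collections import defaultdict

MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample reports (not real ThreatExpert data); MD5 values are made up.
REPORTS = [
    {"md5": "0" * 31 + "1", "filenames": ["svch0st.exe"],
     "aliases": {"VendorA": "Puper", "VendorB": "Zlob"}},
    {"md5": "0" * 31 + "2", "filenames": ["SVCH0ST.EXE", "drop.dll"],
     "aliases": {"VendorA": "Puper", "VendorC": "Vapsup"}},
    {"md5": "0" * 31 + "3", "filenames": ["notes.exe"],
     "aliases": {"VendorB": "OtherThing"}},
    {"md5": "not-a-hash", "filenames": ["junk.exe"], "aliases": {}},
]

def build_index(reports):
    """Map each normalised filename / threat name to the sample MD5s that mention it."""
    name_to_md5 = defaultdict(set)
    md5_to_report = {}
    for rep in reports:
        md5 = rep["md5"].lower()
        if not MD5_RE.match(md5):
            continue  # skip malformed records rather than index them
        md5_to_report[md5] = rep
        for name in list(rep["filenames"]) + list(rep["aliases"].values()):
            name_to_md5[name.strip().lower()].add(md5)
    return name_to_md5, md5_to_report

def cross_reference(name, name_to_md5, md5_to_report):
    """Return (sorted MD5s mentioning the name, {vendor: names} across those samples)."""
    md5s = sorted(name_to_md5.get(name.strip().lower(), ()))
    by_vendor = defaultdict(set)
    for md5 in md5s:
        for vendor, alias in md5_to_report[md5]["aliases"].items():
            by_vendor[vendor].add(alias)
    return md5s, dict(by_vendor)

def linkable_names(name_to_md5, min_reports=2):
    """Names seen in at least `min_reports` samples, i.e. worth turning into a link."""
    return sorted(n for n, s in name_to_md5.items() if len(s) >= min_reports)
```

Names are lower-cased before indexing so that `svch0st.exe` and `SVCH0ST.EXE` resolve to the same entry, and records without a well-formed MD5 are skipped.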

For example, searching for "Puper" and clicking its threat name inside any report will bring you to a page where you can see how other vendors detect the same threat (e.g. Zlob/Popuper/Vapsup), where this threat is likely to be coming from, and how many incidents were registered at