Wednesday, April 2, 2008
New Little Feature
There was a new feature added to ThreatExpert reports that some researchers might find useful.
Whenever ThreatExpert comes across a filename or a threatname in a report, it will check if that name was previously mentioned in other reports.
If it was mentioned, such name will be accompanied with a link to a page that enlists any findings associated with that name:
All filenames and threat aliases are cross-referenced by MD5.
In a certain way it is similar to VGrep.
For example, searching for "Puper" and clicking its threat name inside any report will bring you to a page, where you will be able to see how other vendors are detecting the same threat (e.g. Zlob/Popuper/Vapsup), where this threat is likely to be coming from, and how many incidents were registered at threatexpert.com.