OS X KnockKnock Integrates VirusTotal Scan Results

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
OS-X-KnockKnock-Integrates-VirusTotal-Scan-Results-479538-2.jpg

OS X users can now see if persistent items executing automatically on their machines are up to no good by receiving scan results from VirusTotal straight into KnockKnock’s interface.

KnockKnock is an open source solution built by Patrick Wardle from security startup Synack that scans OS X systems for scripts, commands, binaries or commands set to initialize with the operating system. It is the equivalent of Autoruns for Windows, created by Mark Russinovich.

Scan results are shown in the main window
In a blog post on Tuesday, VirusTotal announced that its database could also be queried by Wardle's utility.

As malware is always looking for methods to achieve persistence on a compromised machine, the tool comes in handy when trying to find illegal components.

“Malware installs itself persistently, to ensure it is automatically executed each time a computer is restarted. KnockKnock (UI) uncovers persistently installed software in order to generically reveal such malware,” reads Wardle’s description of the tool.

The current version of the utility (1.2.1) makes detecting known malware on OS X easier by integrating results from VirusTotal, Google’s online scanning service.

In the case of executable binaries, KnockKnock creates a hash value and sends it to VirusTotal for detection ratios. The information is then pulled in and displayed in the main window of the application next to the queried entry.

Known malware is marked in red. If there is no data available, the user can submit it to VirusTotal for analysis. A link to the full scan report is provided in KnockKnock for accessing the complete detection log.

Read more: http://news.softpedia.com/news/OS-X-KnockKnock-Integrates-VirusTotal-Scan-Results-479538.shtml
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top