The very first entry I posted at Krebs on Security, Virus Scanners for Virus Authors, introduced readers to two services that let virus writers upload their creations to see how well they are detected by numerous commercial anti-virus scanners. In this follow-up post, I take you inside of a pair of similar services that allow customers to periodically scan a malware sample and receive alerts via instant message or e-mail when a new anti-virus product begins to detect the submission as malicious.
While there are free services like VirusTotal and Jotti that will let visitors upload a suspicious file and scan it against dozens of commercial anti-virus tools, the reports produced by the scans are shared with all of the participating anti-virus makers so that those vendors can incorporate detection for newly discovered malware into their products. While virus writers probably would love to use such services to fine-tune the stealth of their malware, they may not want their unique malware samples broadly shared among the anti-virus community before the malware has even had a chance to infect PCs.
So it’s not hard to see why some malware authors and purveyors choose to avoid these free services in favor of subscription products that scan submitted files with multiple anti-virus engines, yet prevent those results from being shared with the anti-virus vendors. Such is the business model behind scan4you.net, a service that charges 15 cents for each file checked. Scan4you will scan your malware against 30 anti-virus products, but promises it will bar those products from snarfing up a copy of the malware: