📚 Introducing VirusTotal Code Insight: Empowering threat analysis with generative AI


💡 News category: Malware / Trojans / Viruses
🔗 Source: blog.virustotal.com

At the RSA Conference 2023 today, we are excited to unveil VirusTotal Code Insight, a cutting-edge feature that leverages artificial intelligence for code analysis. Powered by Google Cloud Security AI Workbench, Code Insight produces natural language summaries of code snippets with ease. This functionality empowers security experts and analysts by providing them with deeper insights into the purpose and operation of analyzed code, significantly enhancing their capability to detect and mitigate potential threats.

For quite some time, artificial intelligence (AI) and machine learning (ML) have played a crucial role in anti-malware and cybersecurity, mainly focusing on classification tasks. However, recent advancements in large language models (LLMs) have expanded their capabilities to encompass text generation and summarization. 

Impressively, when these models are trained on programming languages, they can adeptly transform code into natural language explanations. This innovation not only expedites malware analysis but also bolsters a variety of cybersecurity applications. Recognizing the immense potential of this cutting-edge technology, we have incorporated it into the VirusTotal platform, significantly enhancing its capabilities.

Code Insight is a new feature based on Sec-PaLM, one of the generative AI models hosted on Google Cloud AI. What sets this functionality apart is its ability to generate natural language summaries from the point of view of an AI collaborator specialized in cybersecurity and malware. This provides security professionals and analysts with a powerful tool to figure out what the code is up to. 

At present, this new functionality is deployed to analyze a subset of PowerShell files uploaded to VirusTotal. The system excludes files that are highly similar to those previously processed, as well as files that are excessively large. This approach allows for the efficient use of analysis resources, ensuring that only the most relevant files (such as PS1 files) are subjected to scrutiny. In the coming days, additional file formats will be added to the list of supported files, broadening the scope of this functionality even further.

Let's examine a few examples derived from authentic situations to truly appreciate the functionality of this feature. 

In this first case, we have a file that was detected by only three engines on VirusTotal as “PowerShell/PSW-Agent.U” and “HEUR.Trojan-PSW.Multi.Disco.gen”. Meanwhile, Code Insight provided the following explanation:

https://www.virustotal.com/gui/file/74662107227a6a28bebb77d5b9ec3890a80e507ee22ed99eb17f35c9d8730bf3/detection

Unveiling false negatives


It's important to note that Code Insight conducts its analysis independently, relying solely on the content of the file being processed, without access to antivirus results or any other associated metadata. A good example can be observed in this case of a false negative, where Code Insight’s explanation helps us detect malware that steals the user’s credentials and has not been identified by any antivirus software in VirusTotal:

https://www.virustotal.com/gui/file/552efb0dc7e62ded08c98d2e6355df1d27a1317c0a37aabeefd48667b7b1917b/detection

Clearing false positives


In this other example, we have a file that is flagged as trojan and malware by 9 antivirus engines, but it's actually a false positive. Here we can see once again how Code Insight can be a valuable ally when managing incidents and analyzing potential malware. In this case, it explains that it's simply a script that installs Postman CLI:

https://www.virustotal.com/gui/file/b5796d7e4a9efc0b81efdc94b3e42ba6a6ef71d10274e3b812cd5ef4dfb8787b/detection

In this last example, Code Insight demonstrates how it can help improve file categorization in VirusTotal. Code Insight accurately identifies the sample’s file type and fixes the tag that misclassified it as JavaScript.

Although the selected examples illustrate accurate descriptions, the performance of the LLM may vary on a case-by-case basis, and it can make errors of judgment. It’s highly likely that attackers will develop new evasive strategies, and an ongoing competition between malware and this new approach is expected. That’s why it is crucial for a security analyst to oversee these features: the analyst ultimately needs to interpret this information in combination with other contextual information and correlations relevant to the case at hand.

Nevertheless, the integration of LLMs into the arsenal of code analysis tools is a significant advancement that enables security professionals to gain valuable insights into the structure and behavior of potentially malicious code, improving threat detection and response efficiency.

Code Insight in VirusTotal Intelligence


This kind of analysis can be carried out by various AI models, each offering varying levels of precision and depth. However, the true value of VirusTotal's Code Insight lies in its capacity to scale this analysis through its platform. This enables not only the examination of individual code samples, but also the aggregation and exploitation of results on a large scale via the VirusTotal Intelligence service. As a result, security teams can swiftly and effectively scrutinize vast quantities of code and identify potential threats, enhancing their efficiency and ultimately fortifying their security stance.

Here’s an example of searching for "codeinsight:keylogger":

VirusTotal Intelligence finds several files that, according to the Code Insight report, record keystrokes and write them to a log file. Expanding the report of the first one, we can read a comprehensive analysis explaining this specific keylogger’s behavior:

https://www.virustotal.com/gui/file/d6111869a8088e2d1b49a92a30fc3d477373d88a4a2f1a7da4e75ce85dc08ba4/detection

As we continue to refine and expand the capabilities of VirusTotal Code Insight and other cutting-edge features, we remain dedicated to providing our community with the most advanced and effective tools to stay ahead of evolving cyber threats. We are truly excited about what the future holds and are eager to continue pushing the boundaries of what is possible in the field of cybersecurity. Stay tuned for more updates and developments from the VirusTotal team.
