A US computer security agency has opened up to the public the use of a tool to scan files and URLs for viruses or malicious software.
Some may be familiar with the VirusTotal tool, a website created by a Spanish computer scientist to which files can be uploaded to check if they are infected with a virus. Well, from now on, it is also possible to consult another tool of this type developed by the US government, which analyzes files and web addresses in search of malicious content in an attempt to “democratize security.”
Since November 2023, the United States Cybersecurity and Infrastructure Security Agency (CISA) made the tool available to public administrations and agencies in the country. “Next-Gen Malware”with which to examine suspicious files.
After the successful experience during this period with the platform, CISA has decided to make the tool for public use. The only requirement to be able to use it is to register on its website and consent to the tracking of the user’s activities there.
Since gaining access to the platform last year, US officials have requested the analysis of up to 1,600 files, of which about 200 tested positive for malicious software.
“Malware Next-Gen is an important step forward in CISA’s commitment to improving national cybersecurity,” said CISA Deputy Executive Director of Cybersecurity Eric Goldstain in a statement. release published last April 10.
“Our new automated system enables CISA’s cybersecurity threat hunting analysts to analyze, correlate, enrich data and share cyber threat insights with partners. It facilitates and supports a rapid and effective response to evolving cyber threats and ultimately safeguards critical infrastructure and systems,” adds the deputy director.
“All organizations, security researchers and individuals are encouraged to register and submit suspicious malware to this new automated system for CISA analysis,” the text states, thus inviting anyone to use this resource.
Be careful with private information in sent files
According to the CISA portal, file analysis is performed using a combination of static and dynamic analysis tools in a secure environment. The diagnostic results will be offered in PDF and STIX 2.1 formats.
The instructions for use emphasize one aspect, and that is not to send any classified or private information to the system. CISA warns that users may not have “reasonable expectations of privacy with respect to communications or data that transit or are stored in this information system.”
That is, the US government reserves the right to use all data in submitted files at its discretion. In addition, any information obtained from the analyzes carried out with this platform may be used by the government to develop laws or to take any type of measures.
It is also possible to send anonymously, that is, without registering. But this will mean not receiving results from the analysis carried out, so the user will not know if the file contains malware or not.
The tool can be very useful both for professionals in the cybersecurity sector and for individuals who are suspicious of a file downloaded from the Internet.
