Google grabs antivirus, antimalware scanning aggregator VirusTotal

Contact: Wendy Nather

Málaga, Spain-based VirusTotal, a company that provides free antivirus and antimalware aggregation services, announced that it has been acquired by Google, following the search giant’s acquisition last year of zynamics for code analysis and reverse engineering. No terms were disclosed, but given that VirusTotal is a labor of love by a team of seven engineers, we believe both sides got a good deal.

VirusTotal aggregates the results of scans from numerous antivirus engines and website scanners: a user can upload a file or submit a URL for scanning, and will receive any findings from the collection of tools. In return, VirusTotal gets to use the data from the upload and its results to add to its data store, which it will then share with all subsequent comers. The company has been firmly vendor-independent, and says it will continue to operate that way as a subsidiary of Google. (We do wonder, however, whether it plans to change the name of its company blog, currently titled ‘Inside VirusTotal’s Pants.’) The value to Google comes from VirusTotal’s position at the crossroads of antimalware research: the more people who use its service, the richer the data and intelligence will be.

The VirusTotal team makes very clear that its service is not intended to take the place of antivirus software, nor should it be used to compare commercial tools. And indeed, we can’t see it being a threat to the established antimalware vendors (in fact, the latest announced integration was Sucuri’s SiteCheck). It’s more an intelligence sink and source, and as a free service it has the best chance of collecting agnostic data that benefits the entire community. But that intelligence, together with its public and private API access, could also be used by Google internally in a number of ways, such as checking submissions to its Android store, or scanning sites before offering them as search results. The number of threat intelligence feeds is growing daily, and Google just picked up a meta-version of many of them for what we assume was a relatively low price – viewed from this angle, it was a smart move.

Google adds zynamics to its security capabilities

Contact: Wendy Nather, Ben Kolada

Reverse engineering and code analysis vendor zynamics just announced that it is being acquired by Google for an undisclosed sum. Google has made other security plays before, with the largest being the $625m purchase of SaaS messaging security vendor Postini in July 2007, but this is its first reverse engineering deal. Google isn’t providing details on the rationale for the transaction, but we suspect that the target could be used for a number of purposes, including inspecting its ad streams for malware.

Bochum, Germany-based zynamics was founded as Sabre Security in 2004 by Thomas Dullien (aka Halvar Flake), who in 2007 was barred by the Transportation Security Administration from entry to the US as he attempted to travel to Las Vegas to present at the Black Hat conference. Google isn’t disclosing the deal terms, but when we covered zynamics back in 2008 we noted that it was profitable, with revenue of just over a half-million dollars. Google is retaining the entire zynamics team.

Google hasn’t divulged what it plans to do with zynamics’ IP and team, but given the target’s specialties, a pretty obvious use would be to check its hosted ads for malware, as well as improve detection of malware in the Android application market (given that Google just pulled 21 applications from the market today for security issues, this is an ongoing concern). We assume that Google will be using the zynamics assets to augment or replace what it’s presumably using today for these activities. But even in that case, Big G could have just licensed the software; buying the company instead would mean that it plans to use the zynamics team and its talent to expand upon the software for its own use – and since Google has such a wide footprint on the Internet, it’s a target-rich environment.