What is VirusTotal?

Malware is as much of a threat now as it ever was, and it can be particularly devastating to enterprise networks. Ransomware can take entire production systems offline for days or longer, and then all of an organization’s sensitive data can be spilled onto public websites or sold to cyber criminals through the Dark Web. And that’s just one of many types of malware that business organizations need to be defended from.

Cyber defensive technologies such as antivirus, EDR (endpoint detection and response), and XDR (extended detection and response) rely upon updates about new malware as it emerges, so that new malware can be detected and prevented from wreaking havoc on an enterprise target.

In fiction, such as in Mighty Morphin Power Rangers, the Power Rangers and their Zords can be quite powerful against the forces of evil as individuals. But there are many threats that no Power Ranger and no Zord is able to fight alone. The Power Rangers need to engage in teamwork, and the Zords need to physically combine to become the Megazord.

McAfee, Avast, ESET, Avira, AVG, and so on can each provide good antivirus protection. But today’s sophisticated malware threats, some of which come from financially motivated cyber crime and some of which are the product of nation-state cyberwarfare, require teamwork from security vendors and malware researchers. They need… the Megazord!

And that’s what VirusTotal facilitates.

VirusTotal was launched by Hispasec Sistemas in 2004. Google bought VirusTotal in 2012. And since 2018, VirusTotal has been owned by Google subsidiary Chronicle.

All the major antivirus vendors and most vendors that sell solutions that implement antivirus capabilities share knowledge through VirusTotal, as do malware researchers who work for the vendors, and researchers who work independently.

Anyone may upload potentially malicious files, domains, IPs, and URLs to VirusTotal’s website. VirusTotal and its community analyze these potentially malicious sources in multiple ways:

“VirusTotal inspects items with over 70 antivirus scanners and URL/domain blocklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.”
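The programmatic API mentioned in the quote above can also be used to look a file up by hash instead of uploading it, so the file itself never leaves the host. The following is an added example, not code from the original article or from VirusTotal: it hashes a file locally, builds the API v3 report request, and reduces the per-engine verdicts to one triage record. The function names, the escalation threshold, and the sample response are assumptions constructed for illustration.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report

def sha256_of(path, chunk_size=1 << 20):
    """Hash in chunks so a large sample never sits fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_lookup(file_hash, api_key):
    """Build (without sending) the GET request; the key goes in x-apikey."""
    return urllib.request.Request(VT_FILE_URL.format(file_hash), headers={"x-apikey": api_key})

def fetch_report(file_hash, api_key):
    """Send the lookup; None means VirusTotal has no report for this hash."""
    try:
        with urllib.request.urlopen(build_lookup(file_hash, api_key), timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def summarize(report, threshold=3):
    """Collapse per-engine verdicts into one triage record (threshold is an assumption)."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    engines = sorted(name for name, res in attrs.get("last_analysis_results", {}).items()
                     if res.get("category") in ("malicious", "suspicious"))
    return {"flagged": flagged, "total": sum(stats.values()),
            "engines": engines, "escalate": flagged >= threshold}

# Constructed sample response (engine names and verdicts are made up), trimmed to used fields.
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"malicious": 2, "suspicious": 1, "undetected": 1},
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
        "EngineB": {"category": "suspicious", "result": "Heur.Packed"},
        "EngineC": {"category": "malicious", "result": "Ransom.Sample"},
        "EngineD": {"category": "undetected", "result": None}}}}}

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

To query a real file, pass `sha256_of(path)` and your own API key to `fetch_report`, then hand the result to `summarize` unless it is `None`.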

Although VirusTotal has been around for twenty years now, participation in VirusTotal’s platform by vendors and malware researchers has grown exponentially in the past decade or so, based on my anecdotal experience. Inevitably, that mass cooperation and collaboration has made all participating vendors and their products much stronger and more effective.

VirusTotal’s web platform is a fascinating and ever-growing data trove for us curious malware geeks. If malware fascinates you, go have a look!



