VirusTotal

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google Inc. in September 2012. [2] [3]

VirusTotal aggregates many antivirus products and online scan engines [4] [5] to check for viruses that the user’s own antivirus may have missed, or to verify against any false positives. [6] Files up to 256 MB can be uploaded to the website or sent via email. [7] Anti-virus software vendors can receive copies of files that have been scanned but passed by their own engine, to help improve their software and, by extension, VirusTotal’s own capability. Users can also scan suspicious URLs and search through the VirusTotal dataset. For dynamic analysis of malware, VirusTotal uses the Cuckoo sandbox. [8] VirusTotal was selected by PC World as one of the best 100 products of 2007. [9]

Products and services

VTUploader for Microsoft Windows

VTUploader [10] is an application that integrates into the Explorer’s (right-click) contextual menu, listed under Send To > Total Virus. The application also makes it easy to submit a URL or a program that is currently running in the OS.

VirusTotal stores the name and various hashes for each scanned file. Files that have already been scanned can be identified by their known (e.g., VT default) SHA256 hash without uploading the complete files. The SHA256 query URL has the form https://www.virustotal.com/latest-scan/SHA256. File uploads are normally limited to 128 MB. [11]
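An added example, not part of the original article and not VirusTotal's own code: a local helper that hashes files in chunks, validates the digest, and builds the lookup URL in the form quoted above, so that already-known files can be checked without being uploaded. The function names and the constructed sample files are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# URL form quoted on this page; the last path component is the hex SHA-256.
LOOKUP_URL = "https://www.virustotal.com/latest-scan/{sha256}"
SHA256_RE = re.compile(r"[0-9a-f]{64}")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in fixed-size chunks so large samples never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def lookup_url(sha256_hex):
    """Build the lookup URL; reject anything that is not a 64-digit hex hash."""
    candidate = sha256_hex.strip().lower()
    if not SHA256_RE.fullmatch(candidate):
        raise ValueError(f"not a SHA-256 hex digest: {sha256_hex!r}")
    return LOOKUP_URL.format(sha256=candidate)


def plan_lookups(paths):
    """Map each distinct hash to its URL and the local files that share it."""
    plan = {}
    for path in paths:
        digest = sha256_file(path)
        entry = plan.setdefault(digest, {"url": lookup_url(digest), "files": []})
        entry["files"].append(str(path))
    return plan


if __name__ == "__main__":
    # Constructed sample files: two identical copies and one distinct file.
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, data in {"a.bin": b"abc", "a_copy.bin": b"abc", "b.bin": b""}.items():
            sample = Path(tmp) / name
            sample.write_bytes(data)
            paths.append(sample)
        for digest, entry in plan_lookups(paths).items():
            print(entry["url"], len(entry["files"]), "file(s)")
```

Identical files collapse to one hash, so each distinct sample needs only one lookup, and the strict digest check keeps stray input out of the URL path.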

VirusTotal for Browsers

There are several browser extensions available, such as VTzilla for Mozilla Firefox, VTchromizer for Google Chrome and VTexplorer for Internet Explorer. They allow the user to download files directly from VirusTotal’s web application and to scan URLs. [12]

VirusTotal for Mobile

The service also offers an Android app [13] that uses the public API to check installed applications against those VirusTotal has previously scanned and to show their status. Any application not previously scanned may be submitted, but an API key must be provided and other restrictions on the public API may apply (see Public API).

Public API

VirusTotal provides, as a free service, a public API that allows the automation of some of its online features, such as “upload and scan files, submit and scan URLs, access to advanced scan reports, and make automatic comments on URLs and samples”. Some restrictions apply to requests made through the public API, such as requiring an individual API key, a simple priority, a low priority scan queue, a limited number of requests per time frame, and so on. [14]

Antivirus products

Antivirus engines used for detection on uploaded files. [15]

  • AegisLab (AegisLab)
  • Agnitum
  • AhnLab (AhnLab V3)
  • Antiy Labs (Antiy-AVL)
  • Aladdin (eSafe)
  • ALWIL (Avast! Antivirus)
  • AVG Technologies (AVG)
  • Avira
  • BluePex (AVware)
  • Baidu (Baidu-International)
  • BitDefender GmbH (BitDefender)
  • Bkav Corporation (Bkav)
  • ByteHero Information Security Technology Team (ByteHero)
  • Cat Computer Services (Quick Heal)
  • CMC InfoSec (CMC Antivirus)
  • Cyren
  • ClamAV
  • Comodo (Comodo)
  • CrowdStrike
  • Doctor Web Ltd. (Dr.Web)
  • Emsi Software GmbH (Emsisoft)
  • Endgame
  • Eset Software (ESET NOD32)
  • Fortinet
  • FRISK Software (F-Prot)
  • F-Secure
  • G Data Software (G Data)
  • Hacksoft (The Hacker)
  • Hauri (ViRobot)
  • IKARUS Security Software (IKARUS)
  • INCA Internet (nProtect)
  • Invincea (Invincea, acquired by Sophos)
  • Jiangmin
  • K7 Computing (K7AntiVirus, K7GW)
  • Kaspersky Lab (Kaspersky Anti-Virus)
  • Kingsoft
  • Malwarebytes Corporation (Malwarebytes’ Anti-Malware)
  • Intel Security (McAfee)
  • Microsoft (Malware Protection)
  • Microworld (eScan)
  • Nano Security (Nano Antivirus)
  • Norman (Norman Antivirus)
  • Panda Security (Panda Platinum)
  • Qihoo 360
  • Rising Antivirus (Rising)
  • Sophos (SAV)
  • SUPERAntiSpyware
  • Symantec Corporation (Symantec)
  • Tencent
  • ThreatTrack Security (VIPRE Antivirus)
  • TotalDefense
  • Trend Micro (TrendMicro, TrendMicro-HouseCall)
  • VirusBlokAda (VBA32)
  • Webroot
  • WhiteArmor
  • Zillya! (Zillya)
  • Zoner Software (Zoner Antivirus)

Website / domain scanning engines and datasets

Antivirus scanning engines used for URL scanning. [15]

  • ADMINUSLabs (ADMINUSLABS)
  • AegisLab WebGuard (AegisLab)
  • Alexa (Amazon)
  • AlienVault (AlienVault)
  • Antiy-AVL (Antiy Labs)
  • AutoShun (RiskAnalytics)
  • Avira Checkurl (Avira)
  • Baidu (Baidu-International)
  • BitDefender
  • CRDF (CRDF FRANCE)
  • C-SIRT (Cyscon SIRT)
  • CLEAN MX
  • Comodo Site Inspector (Comodo Group)
  • CyberCrime (Xylitol)
  • Dr.Web Link Scanner (Dr.Web)
  • Emsisoft (Emsi Software GmbH)
  • ESET
  • FortiGuard Web Filtering (Fortinet)
  • G Data
  • Google Safe Browsing (Google)
  • K7AntiVirus (K7 Computing)
  • Kaspersky URL advisor (Kaspersky Lab)
  • Malc0de Database (Malc0de)
  • Malekal (Malekal’s MalwareDB)
  • Malwarebytes hpHosts (Malwarebytes)
  • Malwared (Malwared.malwaremustdie.org)
  • Malware Domain Blocklist (DNS-BH – Malware Domain Blocklist)
  • Malware Domain List (Malware Domain List)
  • MalwarePatrol (MalwarePatrol)
  • Malwares.com (Saint Security)
  • Netcraft
  • Opera
  • Palevo Tracker (Abuse.ch)
  • ParetoLogic URL Clearing House (ParetoLogic)
  • Phishtank (OpenDNS)
  • Quttera (Quttera Ltd.)
  • SCUMWARE (Scumware.org)
  • SecureBrain (SecureBrain)
  • Sophos
  • SpyEye Tracker (Abuse.ch)
  • StopBadware (StopBadware)
  • Sucuri SiteCheck (Sucuri)
  • ThreatHive (The Malwarelab)
  • Trend Micro Site Security Center (Trend Micro)
  • urlQuery (urlQuery.net)
  • VX Vault
  • Websense ThreatSeeker (Websense)
  • Webutation
  • Wepawet (iseclab.org)
  • Yandex Safebrowsing (Yandex)
  • ZCloudsec (Zcloudsec)
  • ZEB Zeus
  • ZeuS Tracker (Abuse.ch)
  • Zvelo

Privacy

Files uploaded to VirusTotal may be shared freely with anti-malware companies and will also be retained in a store. The VirusTotal ‘About Page’ states under “VirusTotal and confidentiality”:

Files and URLs sent to the Internet will be shared with antivirus vendors and security companies. We do this because we believe it will eventually lead to a safer Internet and better end-user protection. By default any file/URL submitted to VirusTotal which is detected by one of the scanners that do not detect the resource. Additionally, all files and URLs can be accessed by premium (mainly security/antimalware companies/organizations) VirusTotal users.

References

  1. “Virustotal.com Traffic, Demographics and Competitors – Alexa”. Alexa Internet. Retrieved 20 October 2017.
  2. Lardinois, Frederic. “Google Acquires Online Virus, Malware and VirusTotal URL Scanner”. TechCrunch. Retrieved 12 April 2013.
  3. VirusTotal Team (7 September 2012). “An update from VirusTotal”. Blog.virustotal.com. Retrieved 3 June 2016.
  4. “Credits & Acknowledgments: About VirusTotal”. VirusTotal. Retrieved 6 July 2014.
  5. “Example Report”. Virustotal.com. April 2, 2014. Retrieved 3 June 2016.
  6. “About VirusTotal”. Virustotal.com. Retrieved 3 June 2016.
  7. “VirusTotal gets a new hairdo”. VirusTotal Blog. Retrieved 4 November 2017.
  8. “Credits of VirusTotal” (in Spanish). Virustotal.com. Retrieved 3 June 2016.
  9. Dahl, Eric. “The 100 Best Products of 2007”. PCWorld. IDG Consumer & SMB. Retrieved 3 June 2016.
  10. “VirusTotal Windows Desktop Application”. VirusTotal. Retrieved 16 February 2014.
  11. “What is the maximum file size that can be submitted”. FAQ. VirusTotal. Retrieved 20 January 2015.
  12. “VTzilla: Mozilla Firefox Browser Extension”. VirusTotal. Retrieved 23 March 2014.
  13. “VirusTotal for Android”. VirusTotal. Retrieved 23 March 2014.
  14. “VirusTotal Public API v2.0”. VirusTotal. Retrieved 23 March 2014.
  15. “Credits & Acknowledgments”. Virustotal. Virustotal. Retrieved 3 June 2016.
