This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages) This article may rely excessively on sources too closely associated with the subject, potentially preventing the article from being verifiable and neutral. Please help improve it by replacing them with more appropriate citations to reliable, independent, third-party sources. (April 2019) (Learn how and when to remove this template message) This article relies too much on references to primary sources. Please improve this by adding secondary or tertiary sources. (February 2022) (Learn how and when to remove this template message) (Learn how and when to remove this template message)
VirusTotal
VirusTotal logo.svg
VirusTotal Screenshot.jpg
Type of site
Internet security, file and URL analyzer
Available inArabic, Bulgarian, Chinese, Chinese (Hong Kong), Chinese (Taiwan), Croatian, Czech, Danish, Dutch, English (US), English (GB), Estonian, Filipino, Finnish, French, German, Greek, Hebrew, Hindi, Hungarian, Indonesian, Italian, Japanese, Korean, Latvian, Lithuanian, Malay, Norwegian, Persian, Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian, Vietnamese
HeadquartersDublin,
Area servedWorldwide
Created byHispasec Sistemas
General managerBernardo Quintero
Key peopleBernardo Quintero, Emiliano Martínez, Víctor Manuel Álvarez, Karl Hiramoto, Julio Canto, Alejandro Bermúdez, Juan A. Infantes
ParentGoogle LLC (2012–2018)
Chronicle (2018–present)
URLwww.virustotal.com
CommercialNo
RegistrationOptional
LaunchedJune 2004; 17 years ago (2004-06)
Current statusActive

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012.[1][2] The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google.

VirusTotal aggregates many antivirus products and online scan engines[3][4] called Contributors.[5] In November, 2018, the Cyber National Mission Force, a unit subordinate to the U.S. Cyber Command became a Contributor.[6] The aggregated data from these Contributors allows a user to check for viruses that the user's own antivirus software may have missed, or to verify against any false positives.[7] Files up to 650 MB can be uploaded to the website, or sent via email (max. 32MB). Anti-virus software vendors can receive copies of files that were flagged by other scans but passed by their own engine, to help improve their software and, by extension, VirusTotal's own capability. Users can also scan suspect URLs and search through the VirusTotal dataset. VirusTotal uses the Cuckoo sandbox for dynamic analysis of malware.[8] VirusTotal was selected by PC World as one of the best 100 products of 2007.[9]

Products and services

Windows Uploader

VirusTotal's Windows Uploader[10] was an application that integrates into the Explorer's (right-click) contextual menu, listed under Send To > Virus Total. The application also launches manually for submitting a URL or a program that is currently running in the OS.

VirusTotal stores the name and various hashes for each scanned file. Already scanned files can be identified by their known (e.g., VT default) SHA256 hash without uploading complete files. The SHA256 query URL has the form https://www.virustotal.com/latest-scan/SHA256. File uploads are normally limited to 128 MB.[11] In 2017 VirusTotal discontinued support of the Windows Uploader.[12]

Uploader for Mac OS X and Linux

Same as the Windows app you upload the file (via the app's UI or context menu) then you will be given back a result. The Mac OS X app can be downloaded from their website, however you need to compile and build the app for Linux using the same core (provided in their repository) used in the Mac OS X application. Already scanned files can be identified by their known (e.g., VT default) SHA256 hash without uploading complete files.[13]

VirusTotal for Browsers

There are several browser extensions available, such as VT4Browsers for Mozilla Firefox, and Google Chrome and vtExplorer for Internet Explorer.[14] They allow the user to download files directly with VirusTotal's web application prior to storing them in the computer, as well as scanning URLs.[15]

VirusTotal for Mobile

The service also offers an Android App[16] that employs the public API to search any installed application for VirusTotal's previously scanned ones and show its status. Any application not previously scanned can be submitted, but an API key must be provided and other restrictions to public API usage may apply (see #Public API).

Public API

VirusTotal provides as a free service a public API that allows for automation of some of its online features such as "upload and scan files, submit and scan URLs, access finished scan reports and make automatic comments on URLs and samples". Some restrictions apply for requests made through the public API, such as requiring an individual API key freely obtained by online signing up, low priority scan queue, limited number of requests per time frame, etc.[17]

Antivirus products

Antivirus engines used for detection for uploading files.[18]

Website/domain scanning engines and datasets

Antivirus scanning engines used for URL scanning.[18]

File characterization tools & datasets

Utilities used to provide additional info on uploaded files.[18]

Privacy

Files uploaded to VirusTotal may be shared freely with anti-malware companies and will also be retained in a store. The VirusTotal About Page states under VirusTotal and confidentiality:[19]

Files and URLs sent to VirusTotal will be shared with antivirus vendors and security companies so as to help them in improving their services and products. We do this because we believe it will eventually lead to a safer Internet and better end-user protection. By default any file/URL submitted to VirusTotal which is detected by at least one scanner is freely sent to all those scanners that do not detect the resource. Additionally, all files and URLs enter a private store that may be accessed by premium (mainly security/antimalware companies/organizations) VirusTotal users so as to improve their security products and services.

References

  1. ^ Lardinois, Frederic (7 September 2012). "Google Acquires Online Virus, Malware and URL Scanner VirusTotal". TechCrunch. Retrieved 12 April 2013.
  2. ^ VirusTotal Team (7 September 2012). "An update from VirusTotal". Blog.virustotal.com. Retrieved 3 June 2016.
  3. ^ "Credits & Acknowledgements : About VirusTotal". VirusTotal. Retrieved 6 July 2014.
  4. ^ "Example Report". Virustotal.com. 2 April 2014. Retrieved 3 June 2016.
  5. ^ https://support.virustotal.com/hc/en-us/articles/115002146809-Contributors
  6. ^ "Archived copy". www.cybercom.mil. Archived from the original on 30 September 2020. Retrieved 22 February 2022.((cite web)): CS1 maint: archived copy as title (link)
  7. ^ "About VirusTotal". Virustotal.com. Archived from the original on 12 August 2010. Retrieved 3 June 2016.
  8. ^ "Credits of VirusTotal". Virustotal.com. Retrieved 27 November 2021.
  9. ^ Dahl, Eric (21 May 2007). "The 100 Best Products of 2007". PCWorld. IDG Consumer & SMB. Retrieved 3 June 2016.
  10. ^ "VirusTotal Windows Desktop Application". VirusTotal. Retrieved 16 February 2014.
  11. ^ "What is the maximum file size that can be submitted". FAQ. VirusTotal. Retrieved 20 January 2015.
  12. ^ "Desktop Apps". VirusTotal. VirusTotal. Retrieved 24 December 2018.
  13. ^ https://support.virustotal.com/hc/en-us/articles/115002179065-Desktop-Apps
  14. ^ https://support.virustotal.com/hc/en-us/articles/115002700745-Browser-Extensions
  15. ^ "VTzilla: Mozilla Firefox Browser Extension". VirusTotal. Retrieved 23 March 2014.
  16. ^ "VirusTotal for Android". VirusTotal. Retrieved 23 March 2014.
  17. ^ "VirusTotal Public API v2.0". VirusTotal. Retrieved 23 March 2014.
  18. ^ a b c "Credits & Acknowledgements". Virustotal. Virustotal. Retrieved 3 June 2016.
  19. ^ "VirusTotal". support.virustotal.com. Retrieved 24 October 2019.