I use this every few days or more often to have peace of mind about that link I’m about to click.

https://www.virustotal.com

About the tool

From the VT website:

VirusTotal inspects items with over 70 antivirus scanners and URL/domain blocklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

Upon submitting a file or URL basic results are shared with the submitter, and also between the examining partners, who use results to improve their own systems. As a result, by submitting files, URLs, domains, etc. to VirusTotal you are contributing to raise the global IT security level.

This core analysis is also the basis for several other features, including the VirusTotal Community: a network that allows users to comment on files and URLs and share notes with each other. VirusTotal can be useful in detecting malicious content and also in identifying false positives — normal and harmless items detected as malicious by one or more scanners.

How I use this tool

I use this free tool almost every day and sometimes dozens of times a day. Have you ever found yourself needing to do this?

  • You’re looking for spreadsheet or PowerPoint templates on the internet and you want to make sure they’re safe before you download them? Then, submit the URL to VT.
  • You got a PDF in email that you really want to open, but you’re not sure if it’s legitimate? Submit the file to VT.
  • You want to download a utility you found, but you’re a little worried that it’s been tampered with? Submit the hash before you proceed.
  • Be careful and don’t submit any internal files or proprietary info from your company.
  • Your relative calls you and asks how they can tell if something is safe to open. Refer them to this site and have them check it here beforehand.

I know SOC analysts or part-time security folks who use this as part of their regular analysis, particularly at smaller shops where they don’t have tools that do this or leverage the API. VirusTotal does have a nice API you can tap into if you’re a software developer, or doing anything with automation, such as SOAR.
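
The "submit the hash" and "don’t submit internal files" points above combine naturally in automation: hash the file locally and ask VirusTotal only whether it already has a report for that digest, so the file itself never leaves your machine. The sketch below is an added example, not code from VirusTotal or from this post; it uses the public API v3 file-report endpoint, and the `VT_API_KEY` environment variable, the function names and the sample response are assumptions made for illustration.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file locally in chunks; only this digest leaves the machine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_lookup(file_hash, api_key):
    """Build the GET request for an existing report; no file content is sent."""
    h = file_hash.lower()
    if len(h) != 64 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("expected a SHA-256 hex digest")
    return urllib.request.Request(
        VT_FILE_URL.format(h),
        headers={"x-apikey": api_key, "accept": "application/json"})

def summarize(report, threshold=1):
    """Reduce a report to (verdict, flagged, total) from last_analysis_stats."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    verdict = "flagged" if flagged >= threshold else "no detections"
    return (verdict, flagged, sum(stats.values()))

def lookup(path, api_key):
    """Hash-only check of a local file against existing VT reports."""
    req = build_lookup(sha256_file(path), api_key)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return summarize(json.load(resp))
    except urllib.error.HTTPError as err:
        if err.code == 404:  # VT has never seen this hash: not a clean verdict
            return ("unknown", 0, 0)
        raise

# Constructed sample response, trimmed to the fields summarize() reads.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 1, "undetected": 60,
    "harmless": 0, "timeout": 2}}}}

if __name__ == "__main__":
    import os
    import sys
    print(lookup(sys.argv[1], os.environ["VT_API_KEY"]))  # assumed variable name
```

An "unknown" result only means nobody has submitted that file before, so treat it as "no information" rather than "safe", and keep internal documents out of any fallback upload step.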