VirusTotal is an online solution for analyzing, matching, and relaying threats such as viruses and suspicious content contained within files and URLs. While the web version has always existed, VirusTotal has released a new browser extension deemed to be a big update to an earlier existing version. The previous version (similar in functionality to the website) has previously, only been used to analyze files and URLs with the help of different antivirus solutions.
Now the new version (v.4.0), will use an API key (free and premium keys available) to automatically identify Indicators of Compromise (IoCs)in websites and provide context for found threats. It promises to scan downloads (excluding documents) and send passive DNS data concerning the browser in use, as shown in the image below. By collating and presenting data to users, the extension will find use among cybersecurity professionals such as researchers and SOC analysts for purposes of threat intelligence. The extension, named VT4Browsers, is available for download on all major browsers.
Owing to all the new information and features described, I immediately installed VT4Browsers and fired it up on a chromium-based browser in my virtual machine to see how it works. I also obtained a free API key that would be used to look up identified IoC, if any.
To test the true power of the extension, I did two things;
1. Interacting with potentially vulnerable sites, i.e., those with multiple links and files
Within individual sites, I had the option to right-click to select the VT4Browsers extension which gave various options. I could, for example, scan the current page, enrich the current domain, check for indicators, etc. All these options provided immediate results loaded in a new tab.
Scanning the current page returned uncertain results, i.e., all but two security vendors flagged the page’s URL as malicious.
2. Downloading a known malicious file.
Right away, the extension notified me of an initiated download activity and asked for permission to scan the file and share the submission with the security community.
I was then directed to the generated report to find more about the download
The results indicate that the download was a malicious file and had been detected and flagged by many virus solutions.
Bottom-line
The VirusTotal web extension will make work easier for internet users due to the real-time ability to check up things such as downloads, links, and domains. Using the extension isn’t rocket science at all.
There is however one caveat. VirusTotal may fail to identify a malicious file depending on whether it has already been defined in its database. This may lead to false negatives. Always be careful even when scanned content is given a clean bill of health.
I’d recommend that you install and regularly use the extension for added internet security. Many more capabilities can be achieved by obtaining premium API keys.
When experimenting with the extension by downloading malicious files as I did above, beware that your system may be infected. Prefer to use a virtual machine environment where you can always disinfect by reinstalling or reverting to a previous snapshot.
Appreciate this post by applauding and/or commenting below!
