VirusTotal tips, tricks, and myths

Friday 6 October 09:30 - 10:00, Red room

Randy Abrams (Independent security analyst)

Outside of the anti-malware industry, VirusTotal users generally believe it is simply a virus scanning service. Most users quickly reach erroneous conclusions about the meanings of various scanning results. At the same time, many very technical people are unaware that VirusTotal provides a wealth of contextual and forensic information. Most people do not realize that VirusTotal is a multi-directional threat intelligence feed as well.

After a brief introduction to the history of VirusTotal and the role of VirusTotal in today's security ecosystem, the myths listed below will be debunked, and little-known features of VirusTotal will be demonstrated.

  • Myth 1: VirusTotal can be used for comparative testing.
  • Myth 2: A missed detection does not mean that a scanner does not detect the threat.
  • Myth 3: Detection by your scanner means you must be protected.
  • Myth 4: The quality of coverage of a threat is determined by the number of scanners that detect it.

Information that can be obtained using the tabs for File Details, Relationships, Additional Information, Comments, and Votes will be reviewed. Some additional resources available to users will be touched on, and the need to read the terms of service will be emphasized.

 

Randy-Abrams-web.jpg

Randy Abrams

Randy Abrams has been involved with the anti-malware industry since 1997, when he became responsible for ensuring that Microsoft did not release infected products. Randy designed and administered the processes used to prevent the release of infected software. The fundamentals of these processes are still used by Microsoft. In 2005, Randy joined ESET as the Director of Technical Education and was a popular blogger and podcaster, providing extensive security commentary for the media. In 2012, Randy joined NSS Labs as Research Director, focusing on the anti-malware industry. Randy is a popular presenter, which is a good thing since he has subjected people to his presentations at nearly three dozen security conferences.

@randyab



VB2018 MONTREAL!

VB2017 OVERVIEW

VB2017 SPEAKERS

VB2017 PROGRAMME

VB2017 PHOTOS

2017 PÉTER SZŐR AWARD


Other VB2017 papers

Mariachis and jackpotting: ATM malware from Latin America

Thiago Marques (Kaspersky Lab)

Fabio Assolini (Kaspersky Lab)

Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…

Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

Juan Andres Guerrero-Saade (Kaspersky Lab)
Costin Raiu (Kaspersky Lab)

Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…

XAgent: APT28 cyber espionage on macOS

Tiberius Axinte (Bitdefender)

This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…