VirusTotal tips, tricks, and myths

Friday 6 October 09:30 - 10:00, Red room

Randy Abrams (Independent security analyst)

Outside of the anti-malware industry, VirusTotal users generally believe it is simply a virus scanning service. Most users quickly reach erroneous conclusions about the meanings of various scanning results. At the same time, many very technical people are unaware that VirusTotal provides a wealth of contextual and forensic information. Most people do not realize that VirusTotal is a multi-directional threat intelligence feed as well.

After a brief introduction to the history of VirusTotal and the role of VirusTotal in today's security ecosystem, the myths listed below will be debunked, and little-known features of VirusTotal will be demonstrated.

  • Myth 1: VirusTotal can be used for comparative testing.
  • Myth 2: A missed detection does not mean that a scanner does not detect the threat.
  • Myth 3: Detection by your scanner means you must be protected.
  • Myth 4: The quality of coverage of a threat is determined by the number of scanners that detect it.

Information that can be obtained using the tabs for File Details, Relationships, Additional Information, Comments, and Votes will be reviewed. Some additional resources available to users will be touched on, and the need to read the terms of service will be emphasized.




Randy Abrams

Randy Abrams has been involved with the anti-malware industry since 1997, when he became responsible for ensuring that Microsoft did not release infected products. Randy designed and administered the processes used to prevent the release of infected software. The fundamentals of these processes are still used by Microsoft. In 2005, Randy joined ESET as the Director of Technical Education and was a popular blogger and podcaster, providing extensive security commentary for the media. In 2012, Randy joined NSS Labs as Research Director, focusing on the anti-malware industry. Randy is a popular presenter, which is a good thing since he has subjected people to his presentations at nearly three dozen security conferences.


   Read paper    Watch video






Other VB2017 papers

XAgent: APT28 cyber espionage on macOS

Tiberius Axinte (Bitdefender)

This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…

Keynote address: Inside Cloudbleed

John Graham-Cumming (Cloudflare)

In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…

Mariachis and jackpotting: ATM malware from Latin America

Thiago Marques (Kaspersky Lab)

Fabio Assolini (Kaspersky Lab)

Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.