The Internet is a thrilling and expansive space, enabling seamless communication, information sharing, collaboration, entertainment, and productivity. However, it can also be a treacherous territory, with cybercriminals constantly lurking to infiltrate our devices and abscond with our valuable information.
Cybercriminals often execute their attacks by sending phishing emails, sharing malware-infected documents, or luring people to dangerous websites. In addition, they are constantly upping their game, making these attacks harder to spot and better at bypassing security software.
The good news? I want to share an easy way to check if a website link or file is safe using VirusTotal, a free and simple tool that helps identify viruses and other malicious software.
VirusTotal is an online service that analyses files and websites to detect malware, viruses, and other security threats. It is similar to the antivirus installed on your laptop but with more antivirus scanners and engines. If you like technical details, check out their How it works page.
Cybersecurity professionals use it because it's like having several security experts and tools helping you stay safe.
VirusTotal is not the only tool available, nor should you rely entirely on it, but here are a couple of reasons why VirusTotal is handy for everyone (technical and non-technical):
**Free—**All features are free to use; no subscription or payment is required to use any of its features.
**Multiple scanners—**It provides a thorough scan, using over 70 different antivirus tools to check files and websites, unlike the single scanner provided by typical antivirus solutions.
**Fast—**Despite having several antivirus and malware scanners, VirusTotal is surprisingly fast.
**No installation—**VirusTotal is an entirely online tool; there is no need to download, install, or maintain any software, and it will work with any operating system (Windows, MacOS, and Linux).
The last point has a caveat: VirusTotal does provide installable Desktop Apps, Browser Extensions, and Mobile Apps, but the online version is sufficient for most users.
You can access the VirusTotal website via this link: www.virustotal.com using a web browser on your laptop.
Using VirusTotal (and similar tools) should be a regular best practice for your work and personal life. It can be the difference between a costly security breach and remaining safe online.
In general, if VirusTotal flags a file or website as dangerous or malicious, it is often best to delete the file immediately or avoid that website entirely.
If you have downloaded a file from the Internet, email, or messaging app and are unsure whether it is safe, you can upload the file to VirusTotal to have it checked.
If you suspect the file contains sensitive information and do not want to upload it, or if it is too large to upload (more than 650MB), you can skip to the How to use VirusTotal for Techies section of this post.
Step-by-step guide:
Upload the file:
Once on the website (www.virustotal.com), the 'File' upload tab will automatically be selected.
Click the 'Choose File' button.
Navigate to the location of the downloaded file and select the file.
Click the 'Confirm upload' button.
VirusTotal - Select a malicious file from your computer to upload and scan
Scanning:
VirusTotal will upload and scan the file using the various antivirus scanners.
Results: Once the scan is complete, VirusTotal will display one of the following:
If most antivirus scanners show a green check mark or state, "No engines detected this file," the file is safe.
If some scanners mark the file with a red warning or say "Malicious," it is best not to open the file and to delete it immediately.
VirusTotal confirms mimikatz.exe is a malicious trojan malware
If you receive an email or message with a link or are directed to a suspicious website, you can use VirusTotal to check the website's safety.
Once on the VirusTotal website (www.virustotal.com), click the 'URL' tab.
Type or copy the website address or link from the email, paste it into the search bar, and hit the 'Enter' (Carriage Return) key on your keyboard.
Results: When the scan is complete, VirusTotal will display one of the following:
If you see a lot of green check marks, the site is most likely safe to visit.
If you see red (or yellow) warnings, the antivirus scanners have flagged the website as suspicious or dangerous.
VirusTotal confirms the website https://wired.com is safe to view
VirusTotal does not flag the Google Sheet link, but one vendor marked it as suspicious.
There is a slightly more technical way to use VirusTotal, and you will need to be comfortable with your operating system's command prompt/interface.
This method uses a hash function to compute a unique value (a hash) for the suspicious file. This hash value is then submitted to VirusTotal for evaluation. The rule of thumb is that each piece of malware has a unique signature (hash value) or fingerprint.
By comparing your file's hash value with the extensive database of hash values maintained by VirusTotal, we can quickly determine if the file is indeed infected.
Getting the Hash Value
Windows:
Navigate to the folder/directory that contains the suspicious downloaded file.
Open a command prompt in this location (you can watch this video on how to do this).
Execute the following command (replace [filename.extension] with the name of your file): `certutil -hashfile [filename.extension] SHA256`
Windows 10 generates a SHA-256 hash for a suspicious file.
MacOS:
Within the MacOS terminal, navigate to the directory of the suspicious downloaded file. (This video walks you through the steps to launch a terminal within a directory/folder.)
Execute the following command (replace [filename.extension] with the name of your file): `shasum -a 256 [filename.extension]`
Linux:
Within the Linux terminal, navigate to the suspicious download file's directory.
Execute the following command (replace [filename.extension] with the name of your file): `sha256sum [filename.extension]`
Linux generates a SHA-256 hash for a suspicious file.
The above commands will generate a SHA-256 hash value (a long string of alphanumeric characters); copy this hash value from the command line.
VirusTotal accepts various hash values—SHA-1, SHA-256, and MD5, to name a few. Each hash function generates a different hash value for the same file, and operating systems usually include a native command-line tool to assist.
VirusTotal - Search tab used to compare suspected hash values, IPs, and domains against its database.
Once on the VirusTotal website (www.virustotal.com), click on the 'Search' tab.
Paste the copied hash value and hit the 'Enter' (Carriage Return) key on your keyboard.
Results: Like the file and website scan results, VirusTotal will scan and confirm whether a file is safe to open or dangerous and should be deleted.
VirusTotal confirms the hash value is associated with the known mimikatz.exe malware.
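The macOS/Linux steps above can be combined into one small script. This is an added example, not part of the original article: it hashes a file locally, recognises which of the hash types mentioned above a string is, and prints the address to open in a browser. The function names and sample files are constructed, and the `/gui/search/` address form is an assumption about what the 'Search' tab opens.

```bash
# Added example: hash a file locally, then look the hash up on VirusTotal
# without uploading the file itself.

# Print the SHA-256 of a file using whichever native tool is installed.
# The file is read via stdin so unusual filenames cannot change the output.
sha256_of() {
    [ -f "$1" ] || { echo "not a file: $1" >&2; return 1; }
    if command -v sha256sum >/dev/null 2>&1; then
        set -- "$(sha256sum < "$1")"        # Linux
    elif command -v shasum >/dev/null 2>&1; then
        set -- "$(shasum -a 256 < "$1")"    # macOS
    else
        echo "no SHA-256 tool found" >&2; return 1
    fi
    # Tool output is "<hash>  -"; keep only the hash, in lowercase.
    printf '%s\n' "${1%% *}" | tr 'A-F' 'a-f'
}

# Name the hash type from its length: MD5=32, SHA-1=40, SHA-256=64 hex chars.
hash_kind() {
    case "$1" in
        ""|*[!0-9a-fA-F]*) echo invalid; return 1 ;;
    esac
    case "${#1}" in
        32) echo MD5 ;;
        40) echo SHA-1 ;;
        64) echo SHA-256 ;;
        *)  echo invalid; return 1 ;;
    esac
}

# Address to paste into a browser (assumed form of the 'Search' tab URL).
vt_search_url() {
    hash_kind "$1" >/dev/null || return 1
    printf 'https://www.virustotal.com/gui/search/%s\n' "$1"
}

# Constructed sample files: identical except for the final byte.
tmp=$(mktemp -d)
printf 'sample payload A' > "$tmp/original.bin"
printf 'sample payload B' > "$tmp/modified.bin"
for f in "$tmp/original.bin" "$tmp/modified.bin"; do
    h=$(sha256_of "$f")
    echo "$(hash_kind "$h")  $h  ${f##*/}"
    vt_search_url "$h"
done
rm -rf "$tmp"
```

The two sample files differ by one byte and produce unrelated hashes, so a hash search only matches files that are byte-for-byte identical to one VirusTotal has already seen.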
Unfortunately, VirusTotal is not foolproof because it depends on cybersecurity researchers and volunteers constantly updating its database. Thus, if a cybercriminal shares an unknown virus or malicious website, VirusTotal will mark the file or website as safe.
In addition, cybercriminals may use low-tech methods to bypass antivirus solutions and VirusTotal scanners. For example, an attacker can easily hide a malicious website using URL Shorteners.
URL Shorteners are online services (free and paid) that accept a full-length website address, a.k.a. URL, and provide a much shorter web address for online advertising or other services.
As an experiment, I used a free URL shortening service to shorten a known malicious web address from its original long form to a much shorter form.
The original URL is immediately flagged as dangerous by VirusTotal.
VirusTotal confirms the lengthy web address is a known phishing website.
However, if I submit the short form, VirusTotal marks it as safe (though with a warning from URLhaus, another tool you can use to help stay secure online).
The shortened website address is not registered as a malicious website and is not flagged as a phishing website.
This is a straightforward, low-tech method to evade antivirus scanners. Skilled cybercriminals will use more advanced techniques with a higher evasion success rate than URL shorteners.
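One defensive response to the shortener problem described above is to find out where a short link points and submit that destination to VirusTotal as well. The following is an added example, not part of the original article: it reads the shortener's redirect response without following it, so the destination site is never contacted. The function names and the sample response are constructed.

```bash
# Added example: find out where a short link points by asking only the
# shortener, so the destination can be checked before anyone visits it.

# Read one HTTP response's headers on stdin; print the redirect target,
# or nothing when the response is not a redirect.
next_hop() {
    tr -d '\r' | awk '
        NR == 1 { is_redirect = ($2 ~ /^30[12378]$/) }   # status line
        is_redirect && !found && tolower($0) ~ /^location:/ {
            sub(/^[^:]*:[ \t]*/, "")                      # drop header name
            print
            found = 1
        }'
}

# Request headers only (-I) and do not follow redirects (no -L): the
# shortener is contacted, the destination is not.
peek_short_url() {
    curl -sS -I --max-time 10 "$1" | next_hop
}

# Constructed sample of what a shortener returns (not a real capture).
sample_response() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Server: shortener\r\n'
    printf 'Location: https://login.destination.example/verify?id=42\r\n'
    printf 'Content-Length: 0\r\n\r\n'
}

echo "short link resolves to: $(sample_response | next_hop)"
```

If the printed address is itself another short link, repeat the step on it; a relative target (one starting with `/`) is printed as received and belongs to the same host that was queried.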
While VirusTotal is a great tool, it is always wise to take additional precautions and stay vigilant while online:
Keep Software Up to Date: Make sure your antivirus, operating system (Windows, Mac OS X, Linux), and system software are always up to date.
Avoid Suspicious Links: If an email or message seems strange (sense of urgency, grammar or spelling mistakes, generic and not specific to you), do not click any of the links (especially if the web address does not appear to match anything familiar) or download any of the attachments without first checking them using VirusTotal or with the sender of the email.
Trust Your Instincts: If something feels off about a file or website, even if it passes VirusTotal, it is safer to avoid it. Safety first!
Cover image: Generated with Canva AI
Links to support articles and tools are included within the article.