VirusTotal is a useful online virus scanning service that Google acquired in 2012. The developers of the service have released VT4Browsers, an updated web browser extension for Firefox and Google Chrome.
VT4Browsers submits certain file downloads automatically to the virus scanning service for checking. Users may then click on a link displayed by the extension to open the scan results on the VirusTotal website.
The extension submits downloads with the exception of document file types by default. Users of the extension may change the default behavior in the settings.
The settings are divided into a public part and a part that is reserved for users with an API key. The public part includes the following options:
- Scan downloads with VirusTotal – this determines whether file downloads are submitted to the service.
- Don’t scan documents — this determines whether document file types, e.g., pdf or docx, are submitted. These file types are not submitted by default.
- Show “Sent to VirusTotal” prompt when downloading files — displays a prompt to the user to submit downloads on demand and not automatically.
- Pause downloads when sending to VirusTotal — do not process downloads until files have been submitted to VirusTotal.
- Send anonymous passive DNS data to VirusTotal — submits the domain-name-to-IP-address mappings from the browser’s DNS resolutions to VirusTotal. Enabled by default.
Users may want to disable the sending of anonymous passive DNS data and enable the “Sent to VirusTotal” prompt to stay in control of what is submitted. The extension does not reveal all document file types that it blocks from sending, and most users may want to be in control when it comes to the sending of files to the service.
The main change that the new VirusTotal browser extension introduces is support for the VT Augment widget. It allows users to link an API key in the extension to use advanced functionality.
The functionality consumes API lookups whenever it is used. It allows users to “highlight or enrich IoCs (hashes, domains, IPs, URLs) automatically”.
The difference between highlighting and enrichment is the following:
The highlight feature identifies IoCs and adds a VirusTotal icon next to each IoC. When the icon is clicked an API call is performed to embed the IoC detection ratio and display the VT AUGMENT widget as a side panel. API quota is only consumed when you click on an IoC icon.
For each IoC identified in a site, the enrichment feature automatically queries the VT API and embeds the IoC’s security vendors detection ratio/score next to the IoC. Clicking on the VirusTotal icon or detection ratio next to each IoC will then display the VT AUGMENT widget as a side panel. This setting can generate API lookup spikes and is only recommended for premium API keys.
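To gauge how many API lookups the enrichment setting could spend on a page compared with highlight mode, the following added example (not VT4Browsers code and not from VirusTotal) counts the unique IoCs in a block of text. The regular expressions, the function names and the one-lookup-per-unique-IoC assumption are illustrative; the extension's actual matching rules are not described in this article.

```javascript
// Simplified IoC patterns (assumptions for this example, not the extension's own rules).
// Order matters: URLs are matched first so their host is not counted again as a domain.
// Known limit: the domain pattern also matches file names such as "report.docx".
const PATTERNS = [
  ["url", /\bhttps?:\/\/[^\s"'<>]+/gi],
  ["hash", /\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b/gi], // SHA-256, SHA-1, MD5
  ["ip", /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g],
  ["domain", /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b/gi],
];

// Undo common "defanging" (hxxp://, [.]) so written-up indicators are recognised.
function refang(text) {
  return text.replace(/hxxp(s?):\/\//gi, "http$1://").replace(/\[\.\]|\(\.\)/g, ".");
}

// Return the unique IoCs found in a page's text as {type, value} objects.
function extractIocs(pageText) {
  let remaining = refang(pageText);
  const seen = new Map();
  for (const [type, re] of PATTERNS) {
    remaining = remaining.replace(re, (match) => {
      const value = type === "url" ? match.replace(/[.,;)]+$/, "") : match.toLowerCase();
      if (!seen.has(value)) seen.set(value, { type, value });
      return " "; // blank out so later patterns cannot re-match this span
    });
  }
  return [...seen.values()];
}

// Lookups each mode would spend, assuming one lookup per unique IoC:
// enrichment queries every IoC found, highlight only the icons the user clicks.
function estimateLookups(pageText, clickedCount) {
  const total = extractIocs(pageText).length;
  return { iocs: total, enrich: total, highlight: Math.min(clickedCount, total) };
}

// Constructed sample text (documentation-range addresses; the MD5 is that of the empty string).
const SAMPLE = `Dropper hosted at hxxps://files.example[.]net/a/setup.exe,
C2 at 203.0.113.7 and 198.51.100.23, fallback domain cdn.example[.]org.
MD5 d41d8cd98f00b204e9800998ecf8427e (seen twice: D41D8CD98F00B204E9800998ECF8427E).`;

console.log(extractIocs(SAMPLE));
console.log(estimateLookups(SAMPLE, 1));
```

On an IoC-dense page such as a threat report, the `enrich` figure grows with every indicator listed, while `highlight` stays bounded by what the reader actually clicks.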
A support article on the VirusTotal website provides additional information on the new options.
VT4Browsers is available for Chrome and Firefox officially. Most Chromium-based browsers should install the extension without any issues. A quick test in Brave and Vivaldi was successful in that regard.
Now You: do you use VirusTotal or other virus scanning services?