Hackers and cybercrooks do the same. The last thing you want if you're a cyberthug is for your banking Trojan to crash a victim's system and be exposed. More importantly, you don't want your victim's antivirus engine to detect the malicious tool.
So how do you maintain your stealth? You submit your code to Google's VirusTotal site and let it do the testing for you.
It's long been suspected that hackers and nation-state spies are using Google's antivirus site to test their tools before unleashing them on victims. Now Brandon Dixon, an independent security researcher, has caught them in the act, tracking several high-profile hacking groups (including, surprisingly, two well-known nation-state teams) as they used VirusTotal to hone their code and develop their tradecraft.
"There's certainly irony" in their use of the site, Dixon says. "I wouldn't have expected a nation state to use a public system to do their testing."
VirusTotal is a free online service, launched in 2004 by Hispasec Sistemas in Spain and acquired by Google in 2012, that aggregates more than three dozen antivirus scanners made by Symantec, Kaspersky Lab, F-Secure and others. Researchers, and anyone else who finds a suspicious file on their system, can upload the file to the site to see if any of the scanners tag it malicious.