Fighting malware requires close collaboration. The overwhelming malware production rate, the growing problem of false positives and the everlasting threat of false negatives cannot be counteracted without the determined engagement of all actors involved in end-user system security.
Keeping this in mind, we have created VirusTotal Community, a space where the antivirus industry and malware researchers can meet end-users in an effort to make the Internet a safer place. VirusTotal Community allows you to rate and place comments on files and web sites. Comments can be of any nature: disinfection instructions, in-the-wild locations, reverse engineering reports, etc.
Signing up to VT Community also entitles you to a VirusTotal public API key which enables you to write simple scripts to automate VirusTotal scans and file/URL report searches.
Build your profile
Network of trust
Interact with other users
Review files and URLs
Address your comments
Tag your comments
Vote other's comments
Flag files and URLs as malicious or harmless
Visit your profile regularly
Retrieve your API key
Build VirusTotal Community reputation
This document is intended for anyone that wants to make use of VirusTotal Community. In other words, it is intended for any user that is willing to provide further information on files and URLs, or that wants to retrieve an API key to automate the interaction with VirusTotal.
No particular technical knowledge is required to understand the document.
Becoming part of VirusTotal Community is very simple, click on the Join our community link at the top right hand corner of any VirusTotal page and a small registration form will open up.
You will need to provide at least a username that will identify you in the community, a valid email address and a password. Once you have completed the registration form, an email with an activation link will be sent to your email address. After following the activation link you will be able to sign in and start interacting with other users.
The goal of the registration process is simplicity. In order to build your profile further click on the Settings option of the top right hand corner drop down menu after having signed in.
You can customize your picture, tell others who you really are, set your status phrase, and much more...
VirusTotal Community is based on reputation, there are two ways of increasing your reputation credits. The first one is to build a network of trust. When you visit another user's profile after having signed in you will see an interaction menu:
You can trust the visited user. Trusting someone adds 10% of your reputation credits to their account (without subtracting them from yours). There is no way to request trust other than telling another user (via private message) to trust you. Ideally, trust will be given based on the activity generated by a given user in the community, hence, there will be no need to ask for trust. If you ever come across a file/URL review that you like, visit the user's profile, look at the rest of comments that they have made and trust them if you believe they are doing a good job.
Users that trust you and users that you trust will be added to the corresponding section of your personal profile, having a well-known community user in this list can act as a reputation booster with independence of your amount of credits.
VirusTotal Community members can exchange private messages. Private messages are an ideal way to discuss confidential or sensible information, for example, requesting someone's email address for further discussion. To send a message to a given user just visit their profile and click on the corresponding button at the top right hand side:
At the bottom of each URL or file scan report there is a section devoted to comments. We strongly encourage users to review the samples or URLs they submit, it can be very useful information for other users.
For example, let us assume we are software developers. We have uploaded one of our programs to VirusTotal so as to verify whether any antivirus solution incorrectly detects it. Indeed, one of the engines flags our program as a virus, it is time to comment the file and tell other users that this is a false positive. Of course, we will not forget to provide evidence to defend our claim, this could be done by specifying our product's site and describing the program itself.
Note that comments are not report specific, they are file/url specific, in other words, your comments will not be tied to a given moment in time, future submissions of the same file or URL will show up your reviews.
Some ideas for the subject of your reviews:
There are obviously many other subjects for your reviews, as long as it is helpful for someone it will always be an interesting post.
If you are answering another VirusTotal Community member's file or URL comment do not forget to address them your answer, you can do this by using the @user_nickname syntax:
All addressed comments will appear in the destinatary's profile mentions section.
File and URL comments allow custom tags. In order to create a custom tag you just have to preceed the tag word with a "#" symbol inside the comment (twitter-like syntax):
These are the instructions to remove this family of malware from your computer, I hope you find them useful... [... Instructions ...] #disinfection #zbot
These are some of the tags that you may want to use so as to create a standard community syntax:
Users can then search through the comments for specific tags using VirusTotal's search engine.
Below file or URL comments there is always a voting menu where you can tell us and other users whether you found the specific comment useful or not.
Useful comments will help other users to identify interesting reviews. Useful comments will also add reputation credits (10 points) to their authors. On the other hand, comments considered as not useful will subtract reputation credits from a given user (10 points), and they will help to identify misleading reviews.
A false positive is when antivirus software identifies a non-malicious file as malware. A false negative is when antivirus software fails to detect a malicious file. False positives and false negatives are the main problem of today's antivirus and we believe that the way to counteract them is via file reputation systems.
VirusTotal has developed its own file reputation system, whenever you send a file or URL you will see at the top right hand side of the report a Google-O-Meter chart. This chart records the reputation of the file or URL whose report is being rendered and ranges from -100 (fully malicious reputation) to 100 (fully harmless reputation).
The file or URL reputation is built (among other factors) with the VirusTotal Community user votes, recorded by clicking or either the malicious or harmless icon below the reputation chart.
Therefore, even though the user votes are not the unique notion building the reputation index, we do strongly encourage users to vote files and URLs as malicious or harmless if they are absolutely certain about their nature. By doing this, VirusTotal Community members will be helping the antivirus industry in their endless battle against false positives and false negatives.
Your profile shows the comments in which you have been referenced (mentions), your private messages, any trusts you receive and your public API key. Do not forget to visit it regularly.
Becoming a VirusTotal Community member gives you the right to a public API key. This key can be used to automate file and URL scans, as well as comment posting. Your public API key can be retrieved through the corresponding menu item under your user name once you have signed in:
You may read more about how to use this key by referring to the public API documentation.
Many users ask how they can obtain VirusTotal Community reputation credits. Currently, there are two ways to build reputation:
In the future we might introduce other factors for bulding up reputation, we are always open to suggestions, so do not hesitate to contact us if you have a good idea for earning reputation credits.