Hackers are using Google's antivirus tool to test their attacks

This virus code is totally legit

Google's VirusTotal site can be very handy if you're worried about malware; upload a file and dozens of antivirus tools will check to see if it's malicious. However, it's now clear that this site can hinder as much as it helps. Security research Brandon Dixon has spotted several big hacking teams using VirusTotal to test attacks before launch, including two linked to state-sponsored operations. They effectively treat it like a debugging tool -- if one or more scanners detect a pre-release virus, the developers tweak their code until it slips under the radar. In some cases, they've even put old malware through the site to make it dangerous again.

Some malware groups are smarter than others about hiding their tracks, and Dixon's discovery may get the less clever outfits to mask their activities. However, the revelations could still help Google and security software producers catch abuse of testing services by making it easier to spot suspicious behavior; they could even prevent attacks by tracking the code and building appropriate safeguards. We've reached out to Google to see what it can do. Whatever it's doing, your best defense may simply be to take a cautious attitude. Be wary of files and websites you didn't ask to see, even if your antivirus apps give them the all-clear.

[Image credit: Shutterstock]