It’s long been suspected that hackers and nation-state spies are using Google’s antivirus site to test their tools before unleashing them on victims. Now Brandon Dixon, an independent security researcher, has caught them in the act, tracking several high-profile hacking groups—including, surprisingly, two well-known nation-state teams—as they used VirusTotal to hone their code and develop their tradecraft....http://www.wired.com/2014/09/how-hackers-use-virustotal/
They already have a few knockoff VT scanning services that don't even share the results to AVs (basically, they're made for malware creators to test their samples or crypting methods). I'm willing to bet the NSA level stuff is tested in house on their own multiple AV scanning system. Well, I'm glad my inkling to submit files over Tor was valid. But that's another thing I'm surprised they didn't apparently do.
This isn´t really a surprise to me, but it does make you think about how reliable VT exactly is. On the other hand, if you download apps from trusted sites/vendors the chance is quite small that you will be running a malicious app in the first place.
Well, I guess the team was not fully sponsored by the state after all. Either that, or the state itself is playing cheapskate and didn't bother to create their own testing environment. =P