VirusTotal

Discussion in 'other software & services' started by moontan, Apr 19, 2013.

Thread Status:
Not open for further replies.
  1. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    now has a limit of 64 megabytes, upped from a previous limit of 32 megs.

    pretty nice indeed! :)
     
  2. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Great news!
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Great news indeed as HAN posted.

    Thanks moontan!
     
  4. er34

    er34 Guest

    64 megabytes malware does not exist, neither does 32 megabytes whole file malware, neither does 16 or even 8 megabytes. Real malware can be a few kilobytes big.
     
  5. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    8,647
    Location:
    NSW, Australia
  6. guest

    guest Guest

  7. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    8,647
    Location:
    NSW, Australia
    Simply that you can upload a 64 MB file.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Are you implying that if someone downloads a 8/16/32/64 or whatever file, it cannot possibly contain malicious code in it?

    Also, there has been a super large malware already, Flame, a package of modules of ~ 20 MB. There's a beast right there. :D
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    the size limit at VirusTotal has nothing to do with the size of the malware itself but with the size of the file you are submitting for upload.

    i think it checks the checksum to make sure the files on record match with the one you have.
     
  10. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i think some people here might be a little confused as to how VirusTotal works...

    you do not upload malware or virus to VirusTotal.

    you 'upload' a file, like an installer or some exe, to make sure that the file itself is not contaminated with malware or virus.
     
  11. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Malware by its deceptive nature would be very small to avoid detection, so malware in the range of megabytes would be quite rare.
     
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    we are not talking here about the size of the malware. sigh ... o_O
     
  13. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Well yes we are.

    The size of the malware is very much relevant.:rolleyes:
     
  14. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    maybe i did not explain myself clearly.

    in any case, maybe someone else can have a try at it.

    i'm out of this thread. lol
     
  15. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    A simple thread intending to let others know of a change in the file size limit of upload on VirusTotal brings about discussion of malware size. Wow! This brings about a new angle to look at when one says "size matters" :p
     
  16. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Yes,
    But the 2 are quite relevant.:D
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Bingo!!!!!!

    Quote from VT page:

    But, don't you end up uploading malware to VT?

    This is how it goes:

    1. You upload a URL/file, get a result that may indicate it's malicious or false positive
    2. You upload a URL/file, get a result which may be a false negative

    In either case, you upload to check for potentially malicious files before you open them. If it turns out they're malicious, then you have effectively uploaded malware to VT, which in its turn will be shared with security vendors. If they aren't malicious, then what you uploaded are clean files.
     
  18. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Hello moony.
    I'm well aware of how VirusTotal works, thank you.
    But please tell me.
    If I have an installer or exe that is say 80mb in size, then what?

    I would scan it with my av.:D
     
  19. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    Malware can be appended to any sized executable, e.g. the traditional computer virus. An executable can contain packed malware, i.e. a trojan.

    The code for malware might be small, but the file that contains it doesn't need to be.

    This is a really weird thing to be arguing about.
     
  20. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    if the limit at VirusTotal is 64 megabytes and you have a 80 megs file to scan, then yes, you would have to use another option. lol :p
     
  21. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    It does exist. And yes, it's rare.
    Agreed, the assumption of large files as safe-by-definition has already been used;

    "The Mutter Backdoor: Operation Beebus with New Targets

    FireEye Labs has observed a series of related attacks against a dozen organizations in the aerospace, defense, and telecommunications industries as well as government agencies located in the United States and India which have been occurring at least as early as December of 2011.
    In at least one case, a decoy document included in the attack contained content that focused on Pakistan military advancements in unmanned vehicle, or “drone” technology.

    Technically, these attacks exploited previously discovered vulnerabilities via document files delivered by email in order to plant a previously unknown backdoor onto victim systems.
    The malware used in these attacks employs a number of interesting techniques to “hide in plain sight” and to evade dynamic malware analysis systems.
    Similar to, though not based on the attacks we saw in South Korea, the malware tries to stay inactive as long as possible to evade dynamic analysis detection methods.
    ...
    This brings us to the next “hide in plain sight” tactic we noticed. Observe the size of the file above. It’s a whopping 41 megabytes. With rare exception, malware typically have a small size usually no larger than a few hundred kilobytes.
    " link
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    First of all, the point is that VT's purpose is for people to upload files/scan URLs (to also scan files in some cases), so they can have a better understanding of what they have at hands - malicious or safe.

    VT is not about uploading files to check their hashes, as it was mentioned by another user. That was the point of my post. :) Seriously, if people want to check hashes, they don't need to waste monthly traffic uploading files (they already spend traffic downloading those files :argh:), they can very well just download a small(ish) hash checking application. Once people check the hashes locally, then they can search for it at VT and see if the corresponding file has already been scanned. (I know you know that. Just explaining it for the sake of it.)

    Regarding the 80 MB "problem" (or more than 64 MB for that matter), you're going to have to complain to Google now. :D
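
    The hash-first workflow described in the post above (hash the file locally, look the hash up, upload only if it is unknown and within the size limit), as an added example that is not part of the original post. The `known_hashes` set is a hypothetical stand-in for a search of the hash at VT, the sample files are constructed, and treating a megabyte as 2**20 bytes is an assumption.

```python
import hashlib
import os
import tempfile

# Upload limit quoted in this thread (April 2013). Assumption: 1 MB = 2**20 bytes.
UPLOAD_LIMIT_BYTES = 64 * 1024 * 1024


def sha256_of(path, chunk_size=1024 * 1024):
    """Hash the file in chunks so a large installer never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(path, known_hashes, limit=UPLOAD_LIMIT_BYTES):
    """Return (sha256, next_step) for a downloaded file.

    known_hashes is a hypothetical local stub for "this hash already has a
    report"; it is not a VirusTotal API.
    """
    digest = sha256_of(path)
    if digest in known_hashes:
        return digest, "read-existing-report"    # no upload traffic needed
    if os.path.getsize(path) <= limit:
        return digest, "upload-for-scan"         # unknown file, fits the limit
    return digest, "too-large-scan-locally"      # e.g. the 80 MB installer case


def demo():
    """Constructed sample: an 'installer' and a copy with a few bytes appended."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "installer.bin")
        altered = os.path.join(tmp, "installer_altered.bin")
        body = b"\x00" * (2 * 1024 * 1024)       # constructed 2 MiB file body
        with open(clean, "wb") as out:
            out.write(body)
        with open(altered, "wb") as out:
            out.write(body + b"constructed-appended-bytes")
        known = {sha256_of(clean)}               # pretend the clean file was scanned before
        return triage(clean, known), triage(altered, known)


if __name__ == "__main__":
    for file_digest, step in demo():
        print(file_digest, step)
```

    Appending even a few bytes to a large file produces a different hash, so the altered copy has no existing report and has to be scanned as a whole file, whatever its size.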
     
  23. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    I think for most users scanning URLs is a bit of a chore considering how some people browse. Except perhaps if it's an important site like say an online banking site.

    Point I'm trying to make is that the uploading of large amounts of data to VT is in some instances a waste of time as any malware is likely to be very small.
    An instant cloud option would be a better alternative rather than going to the VT site and manually uploading 60 odd megabytes of data just to find that it contains a malware of KBs.

    Besides any decent av you have installed should pick it up upon execution.:argh:
     
  24. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The size of the malicious code doesn't matter... The malicious code can be very small in size, but it may be embedded in bigger files. That's what you need to understand.
     
  25. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    right.

    but some people don't want to have or install an AV software.
    me included.
     
    Last edited: Apr 20, 2013