Discussion in 'other software & services' started by moontan, Apr 19, 2013.
now has a limit of 64 megabytes, upped from a previous limit of 32 megs.
pretty nice indeed!
Great news indeed as HAN posted.
64 megabytes malware does not exist, neither does 32 megabytes whole file malware, neither does 16 or even 8 megabytes. Real malware can be a few kilobytes big.
I know this post isn't directed to me but, what are you implying?
Simply that you can upload a 64 MB file.
Are you implying that if someone downloads a 8/16/32/64 or whatever file, it cannot possibly contain malicious code in it?
Also, there has been a super large malware already, Flame, a package of modules of ~ 20 MB. There's a beast right there.
the size limit at VirusTotal has nothing to do with the size of the malware itself but with the size of the file you are submitting for upload.
i think it checks the checksum to make sure the files on record match with the one you have.
i think some people here might be a little confused as to how VirusTotal works...
you do not upload malware or virus to VirusTotal.
you 'upload' a file, like an installer or some exe, to make sure that the file itself is not contaminated with malware or virus.
Malware by its deceptive nature would be very small to avoid detection, so malware in the range of megabytes would be quite rare.
we are not talking here about the size of the malware. sigh ...
Well yes we are.
The size of the malware is very much relevant.
maybe i did not explain myself clearly.
in any case, maybe someone else can have a try at it.
i'm out of this thread. lol
A simple thread intending to let others know of a change in the file size limit of upload on VirusTotal brings about discussion of malware size. Wow! This brings about a new angle to look at when one says "size matters"
But the 2 are quite relevant.
Quote from VT page:
But, don't you end up uploading malware to VT?
This is how it goes:
1. You upload a URL/file, get a result that may indicate it's malicious or false positive
2. You upload a URL/file, get a result which may be a false negative
In either case, you upload to check for potentially malicious files before you open them. If it turns out they're malicious, then you have effectively uploaded malware to VT, which in turn will be shared with security vendors. If they aren't malicious, then what you uploaded are clean files.
I'm well aware of how VirusTotal works, thank you.
But please tell me.
If I have an installer or exe that is, say, 80 MB in size, then what?
I would scan it with my av.
Malware can be appended to any sized executable, e.g. the traditional computer virus. An executable can contain packed malware, i.e. a trojan.
The code for malware might be small, but the file that contains it doesn't need to be.
This is a really weird thing to be arguing about.
if the limit at VirusTotal is 64 megabytes and you have an 80 megs file to scan, then yes, you would have to use another option. lol
It does exist. And yes, it's rare.
Agreed, the assumption of large files as safe-by-definition has already been used;
"The Mutter Backdoor: Operation Beebus with New Targets
FireEye Labs has observed a series of related attacks against a dozen organizations in the aerospace, defense, and telecommunications industries as well as government agencies located in the United States and India which have been occurring at least as early as December of 2011.
In at least one case, a decoy document included in the attack contained content that focused on Pakistan military advancements in unmanned vehicle, or “drone” technology.
Technically, these attacks exploited previously discovered vulnerabilities via document files delivered by email in order to plant a previously unknown backdoor onto victim systems.
The malware used in these attacks employs a number of interesting techniques to “hide in plain sight” and to evade dynamic malware analysis systems.
Similar to, though not based on the attacks we saw in South Korea, the malware tries to stay inactive as long as possible to evade dynamic analysis detection methods.
This brings us to the next “hide in plain sight” tactic we noticed. Observe the size of the file above. It’s a whopping 41 megabytes. With rare exception, malware typically have a small size usually no larger than a few hundred kilobytes." link
First of all, the point is that VT's purpose is for people to upload files/scan URLs (to also scan files in some cases), so they can have a better understanding of what they have at hand - malicious or safe.
VT is not about uploading files to check their hashes, as it was mentioned by another user. That was the point of my post. Seriously, if people want to check hashes, they don't need to waste monthly traffic uploading files (they already spend traffic downloading those files), they can very well just download a small(ish) hash checking application. Once people check the hashes locally, then they can search for it at VT and see if the corresponding file has already been scanned. (I know you know that. Just explaining it for the sake of it.)
Regarding the 80 MB "problem" (or more than 64 MB for that matter), you're going to have to complain to Google now.
I think for most users scanning URLs is a bit of a chore considering how some people browse. Except perhaps if it's an important site like say an online banking site.
Point I'm trying to make is that the uploading of large amounts of data to VT is in some instances a waste of time as any malware is likely to be very small.
An instant cloud option would be a better alternative rather than going to the VT site and manually uploading 60 odd megabytes of data just to find that it contains a malware of KBs.
Besides any decent av you have installed should pick it up upon execution.
The size of the malicious code doesn't matter... The malicious code can be very small in size, but it may be embedded in bigger files. That's what you need to understand.
but some people don't want to have or install an AV software.