Infosec freeloaders not welcome as malware silo VirusTotal gets tough

Security firms that use the Google-owned VirusTotal malware database but don't contribute to the silo are going to find themselves out on a limb. For the past 12 years, researchers have been feeding samples of software nasties into VirusTotal, allowing antivirus engines to check they can detect malicious code. But the site has …

  1. Anonymous Coward

    Never representative of AV detection

    I tested this by playing with two fully licensed and up to date enterprise AV solutions... strangely, when you uploaded a payload just made in Metasploit with msfvenom with some encoding and iteration, VirusTotal said that it would be detected by these two engines. When you actually deploy it on the machines with the AV - it wasn't detected at all and performed the bypass flawlessly...

    1. Anonymous Coward

      Re: Never representative of AV detection

      Yes there is a weird thing that I've never understood - as you say, I upload files or hashes and it says that our McRubbish AV should have killed it and of course it doesn't.

      You have to wonder if there isn't something fishy going on with VT.

      1. Captain Scarlet

        Re: Never representative of AV detection

        Is the AV when installed set to look into archives/large files etc...?

        Most AVs I have used have some sort of restriction on compressed archives, and I know from ESET NOD32 that there are files it can't unpack and scan properly (clearly displayed in the scan log).

      2. David Hicklin Bronze badge

        Re: Never representative of AV detection

        Maybe VT AV scanners are set to "Paranoid" sensitivity?

  2. EJ

    So... who are these freeloaders touting "patternless" next-gen AV vendors? Let's name names...

    Ahh - I guess Reuters did: www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4

  3. funkenstein

    New business model?

    VT should write their own AV scanner and pay the AV engines that actually first detect a given piece of malware a royalty - like Spotify does with artists.

    Then you'd have a proper competition to see who can write the best detection software.

    Best of all, that allows VT to keep the API open to subscribers who can write whatever they want - next gen detection, or another "value-add" (read that as: search toolbar)... only they would also have to pay that royalty to the AV engines that get first detection. If you don't contribute, that's fine - because you're paying the contributors for their hard work. Conversely, if you believe you're better than the rest, you can still share your results with VT and cash out as always the first one to detect. 1337!

    You could probably even anonymise the source detector with BitCoin. Even VT doesn't know who it was who first detected, just that they did and that there's a wallet that needs to be paid.

    If artists can't sell CDs anymore, why should AV vendors sell endpoint software?
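The first thread above is about VirusTotal per-engine verdicts not matching what the same product does when installed on an endpoint. A defender's way to make that gap visible is to reconcile a VT file report against the endpoint's own scan outcome for the same file. This is an added example, not code from the thread or from VirusTotal; the report is a constructed sample shaped like a VT v2 file report, the endpoint records and the product-to-engine name mapping are hypothetical, and the SHA-256 is a placeholder.

```python
import json

# Constructed sample shaped like a VirusTotal v2 file report ("scans" keyed by
# engine name). Verdicts and the hash are made up for this example.
VT_REPORT_JSON = """{
  "response_code": 1,
  "sha256": "PLACEHOLDER_SHA256",
  "positives": 2,
  "total": 3,
  "scans": {
    "ESET-NOD32": {"detected": true,  "result": "a variant of Win32/Example.A"},
    "McAfee":     {"detected": true,  "result": "Example!trojan"},
    "Kaspersky":  {"detected": false, "result": null}
  }
}"""

# Constructed endpoint records (hypothetical format): what each installed
# product actually did with the same file.
ENDPOINT_RESULTS = [
    {"product": "ESET NOD32 Antivirus", "action": "quarantined"},
    {"product": "McAfee VirusScan Enterprise", "action": "allowed"},
]

# VT engine names differ from endpoint product names; assumed mapping.
PRODUCT_TO_VT_ENGINE = {
    "ESET NOD32 Antivirus": "ESET-NOD32",
    "McAfee VirusScan Enterprise": "McAfee",
}

BLOCKING_ACTIONS = ("quarantined", "blocked", "deleted")


def reconcile(vt_report_json, endpoint_results, product_map):
    """Return {product: status}. 'consistent' means VT and the endpoint agree;
    'vt_only' is the thread's complaint (VT says detected, endpoint let it run);
    'endpoint_only' is the reverse; 'unknown_engine' means no VT engine to compare."""
    scans = json.loads(vt_report_json).get("scans", {})
    out = {}
    for rec in endpoint_results:
        engine = product_map.get(rec["product"])
        if engine is None or engine not in scans:
            out[rec["product"]] = "unknown_engine"
            continue
        vt_hit = bool(scans[engine].get("detected"))
        ep_hit = rec["action"] in BLOCKING_ACTIONS
        if vt_hit == ep_hit:
            out[rec["product"]] = "consistent"
        else:
            out[rec["product"]] = "vt_only" if vt_hit else "endpoint_only"
    return out
```

A `vt_only` result is a gap to investigate rather than proof the product is broken: VT runs command-line versions of the engines with their own settings (archive handling, heuristic level), as the replies about archives and "Paranoid" sensitivity point out.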
