People easily get fooled by spoofed virustotal scans 05-15-2020, 07:28 AM
#1
VirusTotal.com is an online file-scanning service that allows users to upload a file and see how safe it is. Such scans are especially used in threads where an application is shared, letting the viewer see what the application gets detected as.
However, viewers can still be infected by a virus from the application, even if the virustotal scan has a detection rate of ~0 hits.
This can happen for one of two reasons:
- the creator somehow made an undetectable virus, which is very unlikely
- the person posting the application swapped the infected application for a clean file, renamed the clean file to look like the application and sent that to VirusTotal, while providing a download link to the infected file. This is 99.9% of the time the actual reason.
However, the person might also have made a relay application (a small downloader that fetches the actual malware); this normally doesn't get flagged as a virus if it has a "whitelisted" name in the antivirus's engine. Therefore, please check the files it extracts and the links it might send requests to.
Then there is the obvious archive scanning or URL scanning; those can be flagged way more easily compared to relay apps since they have a different filetype.
TL;DR: Always check the I/O of an app on VirusTotal & re-scan the file after download (but before launching it) to see if the original scan was spoofed or not.
edit: and always use a VM or at least a sandbox to make sure the file doesn't affect your computer.
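A quick way to do the "re-scan after download" check without even re-uploading: a VirusTotal file report is keyed by the file's SHA-256, which is embedded in the report link, so the hash of what you actually downloaded must equal the hash in the scan link the poster shared. Added example, not from the original post; the sample file bytes are constructed, and the script only covers file-report links of the form virustotal.com/gui/file/<sha256> (and the older /file/<sha256>/analysis form).

```python
import hashlib
import re
from typing import Optional

# VirusTotal file reports are keyed by SHA-256 and the link embeds it, e.g.
# https://www.virustotal.com/gui/file/<sha256>/detection
# (older links look like https://www.virustotal.com/file/<sha256>/analysis/...).
VT_URL_HASH = re.compile(r"virustotal\.com/(?:[a-z]{2}/)?(?:gui/)?file/([0-9a-fA-F]{64})")


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the downloaded bytes, lowercase hex, as VirusTotal shows it."""
    return hashlib.sha256(data).hexdigest()


def hash_from_scan_url(url: str) -> Optional[str]:
    """Pull the SHA-256 out of a VirusTotal file-report link; None if it is not one."""
    m = VT_URL_HASH.search(url)
    return m.group(1).lower() if m else None


def scan_matches_download(scan_url: str, downloaded: bytes) -> bool:
    """True only if the posted scan is a report about the exact bytes you downloaded.

    A URL report, a missing hash or a different hash all mean the scan says
    nothing about the file you actually have.
    """
    expected = hash_from_scan_url(scan_url)
    if expected is None:
        return False
    return expected == sha256_hex(downloaded)


# Constructed sample inputs (not real files): what the poster uploaded to
# VirusTotal, and what the download link actually hands out.
SCANNED_FILE = b"MZ... constructed stand-in for the clean, renamed file that was scanned"
SERVED_FILE = b"MZ... constructed stand-in for whatever the download link serves"
POSTED_SCAN_URL = "https://www.virustotal.com/gui/file/" + sha256_hex(SCANNED_FILE) + "/detection"

if __name__ == "__main__":
    # The scan link is genuine, but it describes a different file than the download.
    print("served download matches scan:", scan_matches_download(POSTED_SCAN_URL, SERVED_FILE))    # False
    print("scanned file matches scan:", scan_matches_download(POSTED_SCAN_URL, SCANNED_FILE))      # True
```

A mismatch does not prove the download is malicious, but it does prove the posted scan is not about that file, which is exactly the swap described above.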
(This post was last modified: 05-15-2020, 10:58 PM by miso. Edit Reason: updated layout)