VirusTotal for self made releases is useless (Proof)
#1

Hi.

I want to show why an antivirus will only protect you from programs that existed and had a trojan or virus added later.

If a programmer adds his malicious code from the beginning, no antivirus will detect it.

And this way you think your program is clean and doing what it should do, while in fact it's opening your entire PC to the world.

The program linked below will open a telnet server at port 1337.

You can connect to it with telnet or PuTTY, and you will have direct access to the entire PC.

As you can see, the program promises to make coffee for you, but in the background it will do something else, and you will never notice.

Now when we look at the VirusTotal report:

I added the file, so you can try for yourself.

You can run it, connect to 127.0.0.1 at port 1337 and you will see that it will open a shell without any hesitation.

But the main thing I want you to do is just scan it with the antivirus installed on your PC, and see for yourself.

(It won't add anything in your memory, and when you close the program, the telnet server is gone. This is only to prove my point why releases shouldn't be only checked with VirusTotal when they can open your PC wider than anything. It's written in C# so you can decompile it if you don't trust me ;) )

#2


(It won't add anything in your memory, and when you close the program, the telnet server is gone. This is only to prove my point why releases shouldn't be only checked with VirusTotal when they can open your PC wider than anything. It's written in C# so you can decompile it if you don't trust me ;) )

Not sure if it's permitted to post, but I don't see any problem with it anyway.

These are the conditions for approving files. As you can see, we are to download it and check; it specifically says NOT to check a release by VirusTotal only.

1) Download the released file

2) If it's zipped, unzip the whole folder

3) Scan all files with a file scanner

Thanks for showing us this though, appreciate the time taken to write this and your concern.

#3
Download it and validate it, like you would usually do. I am pretty sure it's valid.

#4

Download it and validate it, like you would usually do. I am pretty sure it's valid.

Point taken, done, and no threat found by Avast.

I'll wait on the admins of the board to reply to this.

#5
I did reply on it already :p

#6

Nice post Wiz

Only an idiot would think just scanning a file on this board (or any) makes it 100% safe. There is always a % of worry when using anything someone shares on this board, and I proved this with lc cms 3.4.

I had a back door in this so I could make problems for people who used my cms without my permission (cracked). Looking back now, it was a silly idea, as the "cracker" may have found this back door and used it on anyone running the cms.

Since then the back door was removed and I released the cms open for everyone to use and view the scripts to prove it's clean.

The best way to solve this is to keep all ports closed except what you need, try to keep what you can local and not remote, and don't allow untrusted files access to the net.

Have a test server where you can test stuff before using on a live server.

Never trust anyone!!
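
An added example, not part of the thread or of the posted file: one check to run on the test machine suggested above is to compare the listening TCP sockets before and after starting an untrusted program, which catches a new listener such as port 1337 even when every scanner reports the file clean. The `netstat -ano` lines, PIDs and addresses below are constructed sample input, and the function names are hypothetical.

```python
import re

# Constructed sample: `netstat -ano` output captured on a test machine before
# and after launching an untrusted program (not output from the thread's file).
BEFORE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2840
"""
AFTER = BEFORE + """\
  TCP    0.0.0.0:1337           0.0.0.0:0              LISTENING       6120
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3300
"""

# Local address, local port and owning PID of a TCP socket in LISTENING state.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listeners(netstat_text):
    """Return {(address, port, pid)} for every listening TCP socket."""
    found = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            found.add((m.group(1), int(m.group(2)), int(m.group(3))))
    return found


def new_listeners(before_text, after_text):
    """Listeners that appeared during the run, sorted by port."""
    added = listeners(after_text) - listeners(before_text)
    return sorted(added, key=lambda entry: entry[1])


def exposed(entry):
    """True when the socket is bound to all interfaces, not loopback only."""
    return entry[0] in ("0.0.0.0", "[::]")


if __name__ == "__main__":
    for entry in new_listeners(BEFORE, AFTER):
        scope = "all interfaces" if exposed(entry) else "local only"
        print(f"new listener {entry[0]}:{entry[1]} pid={entry[2]} ({scope})")
```

On a real test machine, save the output of `netstat -ano` before and after the run and pass the two texts to `new_listeners`; the PID column identifies which process opened the port.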

#7

Yeah nice post.

Still, VirusTotal was never taken into consideration for any release, since I first made some guidelines for approving them, and they say that you have to download the file and scan it with one or more antiviruses.

I always knew VT wasn't that safe.

About the normal antiviruses... well, I have known this for a while, and I always thought that even if an antivirus can't always check what a file contains, it's still good, since most of the problems and crap can be detected.


