LordSaturn
Aug 12, 2007

sadly unfunny

For those of us playing along at home - are you saying that the often-cited "signature" method of detecting viruses and malware is just an md5 hash of the files? That sounds distressingly inadequate.

LordSaturn
Aug 12, 2007

sadly unfunny

OSI bean dip posted:

Are you suggesting that I send the files straight to VirusTotal every time? Because I could do that and then wait six years for it to scan through 1 TB of files.

All this script does is send off a hash to VirusTotal to check through its history. If you upload a file to them and it has previously been seen, it'll inform you that it has seen the file before using the very same method, but will then rescan the file if you request. It doesn't really do anything beyond that other than saying "yes" or "no" to whether or not it has been seen before. It's not a definitive answer because the signatures can apply to multiple different hash results.

Also, sending files to VirusTotal is dumb in a lot of ways for a number of reasons, but mainly this: the files get sent to a number of organisations (including the well-respected Italian company, Hacking Team) where they'll analyse it as they desire. If you're okay with sharing proprietary files from your organisation, then send them straight to VirusTotal. It can however lead to some hilarious results, as some of us can attest.

No, sorry, I'm just following the discussion and I thought for a second that all signature-based detection was based on md5 hashes, which seemed kind of :psyduck:, like, how could anyone ever trust that to work? That would be the easiest thing in the world to pad your way out of.

I don't actually know anything about this subject and the discussion is very interesting to me.
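The two posts above contrast a hash lookup (the script sends a digest to VirusTotal and gets back "seen before" or not) with a signature, which can match many different files. The following added example, which is not code from this thread or from VirusTotal, shows that distinction on a constructed byte string: an exact-hash check stops matching as soon as a single byte of padding is appended, while a content pattern still matches. The `KNOWN_HASHES` table is a hypothetical stand-in for a VirusTotal hash-report lookup, and `PATTERN_SIGNATURES` is a hypothetical stand-in for a real signature database; the sample bytes are constructed and are not malware.

```python
import hashlib

# Constructed sample bytes standing in for a scanned file; not real malware.
SAMPLE = b"MZ\x90\x00" + b"HYPOTHETICAL-MARKER-STRING" + b"\x00" * 64
# The same bytes with trailing padding appended (the "pad your way out" case).
PADDED = SAMPLE + b"\x00" * 16


def file_hashes(data: bytes) -> dict:
    """Compute the digests VirusTotal indexes files by (MD5, SHA-1, SHA-256)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# Hypothetical local "seen before" table keyed by SHA-256. A real tool would
# send the hash to VirusTotal's file-report endpoint instead of consulting this.
KNOWN_HASHES = {
    file_hashes(SAMPLE)["sha256"]: "seen before: hypothetical-family",
}

# Hypothetical content signature: a byte pattern that survives padding.
PATTERN_SIGNATURES = {
    b"HYPOTHETICAL-MARKER-STRING": "pattern match: hypothetical-family",
}


def hash_lookup(data: bytes):
    """Exact-match lookup: only a byte-identical file is recognised."""
    return KNOWN_HASHES.get(file_hashes(data)["sha256"])


def pattern_lookup(data: bytes):
    """Content lookup: any file containing a known pattern is recognised."""
    for pattern, label in PATTERN_SIGNATURES.items():
        if pattern in data:
            return label
    return None


def classify(data: bytes) -> dict:
    """Run both checks so the difference between them is visible side by side."""
    return {"hash_hit": hash_lookup(data), "pattern_hit": pattern_lookup(data)}


if __name__ == "__main__":
    for name, blob in (("original", SAMPLE), ("padded", PADDED)):
        print(name, file_hashes(blob)["sha256"][:16], classify(blob))
```

Running it shows the original sample hitting on both checks and the padded copy hitting only on the pattern check, which is why a hash lookup is a cheap "have we seen this exact file" question rather than a substitute for signature scanning, and why the same signature can correspond to many different hashes.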
