Copy and paste detections

Do you like AVs that copy and paste detections from others?



kiric96

Level 19
Thread author
Verified
Well-known
Jul 10, 2014
917
Hi, some time ago, in a subject called "numeric analysis", we coded as a final project a program that does basic operations like matrix addition and so on.

A week ago I was looking through my archives and by chance I found the program and decided to upload it to VT. Mmm... a weird Bitdefender...
test1.jpg

...detection (the only one). It is OK, no antivirus is perfect and they can make some mistakes; that is why I decided to send the file to their labs...
emsi.jpg

...to see what they have to say about this... Of course they did remove the detection... Hey, but wait... days ago I reuploaded the sample to VirusTotal... and then??? What?? More detections??
sample2.jpg

How is that possible?? It is indeed an FP.

So guys, what do you think??? Please note that I am the author of this file; it was coded almost a year ago, so no one except me has it. So why, a year after its creation, was there only one detection, and then I upload it to VT and (days later)... voilà, more than one detection... We have reputable companies here, so what's going on?

I know the answer, but I want to hear your thoughts and opinions xD and, if you want to have a look, I can upload the file.

PS: this is not new, but it was quite funny and I wanted to share it with you guys...
MD5: 0572f8e57332c53e9b0d5bd448316130

Anupam

Level 21
Verified
Well-known
Jul 7, 2014
1,017
Could not get you. Are you saying these 4 are copying detection from Virus Total? Please explain.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@gricardo21: You're not alone, my program made in VB.NET was previously detected (FP) by Kaspersky; reported, but still not yet removed. ;)

Well, it's hard to know the reason why it happens all of a sudden when the code implemented is not designed to be malicious.

So it's trigger-happy detection.
 
  • Like
Reactions: kiric96

kiric96

Level 19
Thread author
Verified
Well-known
Jul 10, 2014
917
> Could not get you. Are you saying these 4 are copying detection from Virus Total? Please explain.

Indeed they are. In simple terms, the file was first detected by Bitdefender a week ago, so I sent the file to their labs; they recognized it as a false positive and deleted the detection, but suddenly other AVs started to detect the program as malicious. I wrote this program over a year ago, so no one has a copy of it (it is not in the wild). This is the point... it is a year old: why have some AVs only now started to detect the file (why a week ago was the file 6/54, only detected by Bitdefender, and now we see more detections)?
 

Paul Lee

Level 10
Verified
Well-known
Oct 14, 2014
496
No, I don't mind. As long as they can improve certain other features like BB & HIPS. Which is why I like Emsisoft so much. Excellent detection from the Bitdefender engine alongside impenetrable BB makes Emsisoft one of the best in the business :D
 
  • Like
Reactions: kiric96 and Anupam

Cain

Level 4
Verified
Dec 19, 2013
171
After initially reading the question, I thought "No problem, whatever gets the job done and at the end of the day keeps the risk to a minimum." ...but now I see the potential problem that is caused within the practice of a "Copy/Paste" method... I guess those who engage in it had better make sure their "Post Copy/Paste Follow-up" procedure is just as meticulous!
- because a growing reputation for high false positive rates will equally lose user trust and drive away their supporters.
 
  • Like
Reactions: kiric96

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Files submitted to VirusTotal get shared amongst vendors? @Malware1

What do you mean by copy and paste detection?
 

kiric96

Level 19
Thread author
Verified
Well-known
Jul 10, 2014
917
> What do you mean by copy and paste detection?

At the beginning only Bitdefender detected the file under its own name; later other AVs added a detection for this file just because Bitdefender detects it, no matter if it was a false positive.

> Files submitted to VirusTotal get shared amongst vendors?

As everyone knows, VirusTotal shares uploaded files with other vendors... here the fact is that just because an AV engine detects a file, it doesn't mean that others have to (detect it)...
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Did you contact those vendors?
 

kiric96

Level 19
Thread author
Verified
Well-known
Jul 10, 2014
917
> Did you contact those vendors?

No, I won't do it... the same way they added a false detection, the same way they HAVE to correct the file... it isn't worth the effort to report a false detection that was taken from another AV.
 
