[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] [VirusTotal] Scan result (fwd)

Unless for (a purely theretical) example the website would use your submission to infect others

Right, that is what I'm concern about. I do not know the intension of virustotal.com, and their policy on binaries they received. The parent site (http://www.hispasec.com/) does not offer more information. I believe the intension maybe good but I have some lingering suspicion of *free* service that have you send in binary maybe the elaborate works of vx traders. (cue the conspiracy theories)

Me submitting the virus to someone count as distributing the virus (according to the lawyers). I been warn by lawyers about such things. I should add that the lawyers have no problem if I submit the sample to AV company. Its more of a CYA than anything else.


J


Michel Messerschmidt wrote:

On Fri, Sep 03, 2004 at 10:43:50AM +0530, Aditya Deshmukh wrote:


hey if the binary is infected and does not contain any hardcoded sencitive info what do u care about the owners of the website ?


Unless for (a purely theretical) example the website would use your submission to infect others (perhaps with your address as sender) :-) Although the binary may not contain any sensitive data, it is dangerous in itself because it is self-replicating and thus hard to control once it is activated. If your are not very cautious when handling self-replicating code, you most likely end up sending it out to the world.

So for the question how to handle possibly dangerous code it all comes down to "Who do you trust" ?




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html