False Positives.

False Positive - Malware - AntiVirus

I’m a little annoyed, really, at some of the people I deal with on a daily basis, with their arrogance and insistence on being right. It’s a shame they can’t work as a team, or even consider someone else’s opinion.

We had a customer with a file which is classed as a really dangerous infected file.. Our AV Research Team, after being sent the file, agree that it is dangerous and will remain detected.. amusing.

I’ve scanned the file via VirusTotal, and wow.. 17 other AV vendors agree with them.. 17/40.. that’s not a definite identification, I feel.. but still, I’ve analysed the file myself in my VMware honeypot and via several malware analysis sites and I cannot see why these people feel it’s infected..

I understand that AV teams share signatures for the common good; our internal AV Team use ClamAV and a few others to keep our database up to date.. however, when receiving a file, I don’t know ‘how’ they analysed it.. or if they even bothered, but they determined my analysis of the file to be incorrect and wrong, and thus it should still be detected as a virus, /sigh.

I don’t know why people don’t bother to do their job properly, neither do I understand why they don’t believe their own in-house support team, but that’s not really my concern. It’s been an eye opener for myself. I have helped the customer myself and removed this file from her internal database, just a shame it will probably come back.. I even submitted this issue to the one person I consider highest ranked in the company (that I have access to speak to directly), to be informed it would be looked into.. it wasn’t, and it is still detected as an infected program.. ah well.

I’ve now sent this file to AVG, Sophos, Prevx, Fortinet, Panda and various others.. BitDefender have checked the file and said it’s not infected, so has Sunbelt.. who so far have had the best support person.

I am bitterly disappointed with Kaspersky, I had high hopes for that AV checker, but after the recent VB100 awards it’s obvious why they are so lazy at dealing with anything. I got a reply from them informing me they already detect the file and nothing more should be done.. I replied to the email, but several weeks afterwards they didn’t bother to reply.. how arrogant. I’d love to speak to their virus researcher and say ‘hey, do you have a fucking clue what you’re doing in your job? or do you just sit around all day doing fuck all.’ – if the customer is always right, and they viewed me as a customer or a potential customer, why wasn’t my request taken seriously.. and why did they not even bother to reply to me?

Well, I’ve emailed several companies and submitted the file to them.. they can analyse it in-house with their own ‘pro’ AV teams and make a choice: infected or not. – we shall see what they come back with..

Here are the current VirusTotal results.. let’s give it a week or so and see how many of them have upheld my request and actually bothered to CHECK the file themselves.. Oh, and I may add I did email the developer of the file in question, G.D.G Software, and spoke to the developer there; he informed me the file is clean too (surprisingly) – the irony behind this is that the infection was found when a customer of my company reported it and I took it to analyse and then sent it to our AV Team.. the dev and various other companies think this is not infected.. I wonder who the last AV company on the VirusTotal list will be to actually bother checking this file and detecting it as clean.. I have a feeling that, as the company I work for was one of the first ones to ‘see’ this file, it’s ironic that they will be the last to bother removing it and detecting it as clean..

Ah well, we are not allowed to deal with AV Cases anymore, our highly trained AV Monkeys are to handle them all.. because they know they are right, no matter what.

So much for team work.. – I would be bitching directly at our AV Team, but I feel rude telling them they are wrong, and despite submitting the file in the first place and informing them I consider it clean, and providing a full trace of the file and an analysis report, they informed me by writing in these exact terms (including case) ‘this file IS infected and will continue to be detected’ – Thanks guys, nice to get the feeling you bothered to actually analyse the file.

http://www.virustotal.com/analisis/eeb976718fb68a795a4d4bd2977d9dd5afd8500beaf1ec37ce9cc65caa3d3fa2-1256202859

File HEViewer.exe received on 2009.10.22 09:14:19 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.22 Trojan.Win32.Skillis!IK
AhnLab-V3 5.0.0.2 2009.10.22 -
AntiVir 7.9.1.42 2009.10.22 -
Antiy-AVL 2.0.3.7 2009.10.22 Trojan/Win32.Skillis.gen
Authentium 5.1.2.4 2009.10.21 -
Avast 4.8.1351.0 2009.10.21 -
AVG 8.5.0.420 2009.10.21 -
BitDefender 7.2 2009.10.22 -
CAT-QuickHeal 10.00 2009.10.22 Trojan.Skillis.b
ClamAV 0.94.1 2009.10.22 -
Comodo 2689 2009.10.22 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.10.22 -
eSafe 7.0.17.0 2009.10.21 -
eTrust-Vet 35.1.7079 2009.10.22 -
F-Prot 4.5.1.85 2009.10.21 -
F-Secure 9.0.15300.0 2009.10.20 -
Fortinet 3.120.0.0 2009.10.22 W32/Skillis.B!tr
GData 19 2009.10.22 -
Ikarus T3.1.1.72.0 2009.10.22 Trojan.Win32.Skillis
Jiangmin 11.0.800 2009.10.22 Trojan/Skillis.c
K7AntiVirus 7.10.876 2009.10.21 Trojan.Win32.Skillis.b
Kaspersky 7.0.0.125 2009.10.22 Trojan.Win32.Skillis.b
McAfee 5778 2009.10.21 -
McAfee+Artemis 5778 2009.10.21 -
McAfee-GW-Edition 6.8.5 2009.10.22 -
Microsoft 1.5202 2009.10.22 -
NOD32 4531 2009.10.22 -
Norman 6.03.02 2009.10.21 -
nProtect 2009.1.8.0 2009.10.22 Trojan/W32.Skillis.564224
Panda 10.0.2.2 2009.10.21 Suspicious file
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.22 High Risk Cloaked Malware
Rising 21.52.32.00 2009.10.22 -
Sophos 4.46.0 2009.10.22 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.10.22 -
Symantec 1.4.4.12 2009.10.22 -
TheHacker 6.5.0.2.050 2009.10.22 Trojan/Skillis.b
TrendMicro 8.950.0.1094 2009.10.22 -
VBA32 3.12.10.11 2009.10.22 Trojan.Win32.Skillis.b
ViRobot 2009.10.22.2001 2009.10.22 -
VirusBuster 4.6.5.0 2009.10.21 Trojan.Skillis.B
Additional information
File size: 564224 bytes
MD5…: e52082f5e5ed6bf70d9d6932b5b27633
SHA1..: 24c54968a7e0507e069809caee5aa0277f864a43
SHA256: eeb976718fb68a795a4d4bd2977d9dd5afd8500beaf1ec37ce9cc65caa3d3fa2
ssdeep: 12288:9Kr5hQ03jFqTv/JFdEhU8KqUDT5D6G0y1+9lPJM:g7vqTv/JXIdUDT5+G0vjJM
PEiD..: -
PEInfo: PE Structure information( base data )
entrypointaddress.: 0x1a2001
timedatestamp…..: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype…….: 0x14c (I386)( 10 sections )
RDS…: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=e52082f5e5ed6bf70d9d6932b5b27633
sigcheck:
publisher….: Guillaume Di Giusto
copyright….: Copyright (c) 1998-2002 by Guillaume Di Giusto. All rights reserved.
product……: HTML Executable
description..: HTML Executable Runtime Viewer
original name: HEVIEW.EXE
internal name: HEVIEW
file version.: 1.1.0.1
comments…..: This program is required by HTML publications to run correctly.
signers……: -
signing date.: -
verified…..: Unsigned
packers (Antiy-AVL): ASPack 2.12
packers (F-Prot): Aspack
http://info.prevx.com/aboutprogramtext.asp?PX5=13CE53B600706B0A9C1208CA459AF6004B5560E5
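As an added example (not part of the original post), here is a small Python triage script that parses lines in the VirusTotal listing format shown above, counts how many engines fired, and separates vendors that name a family (Skillis) from those that only return a generic or heuristic verdict such as “Suspicious file” or “Mal/Generic-A”. The embedded excerpt is a constructed subset of the listing above, and the family-name heuristic and the NOISE prefix list are assumptions of this example, not anything VirusTotal provides.

```python
import re
from collections import Counter

# Constructed excerpt of the VirusTotal listing above: vendor, engine version,
# signature date, result ("-" means the engine reported nothing).
VT_EXCERPT = """\
a-squared 4.5.0.41 2009.10.22 Trojan.Win32.Skillis!IK
Antiy-AVL 2.0.3.7 2009.10.22 Trojan/Win32.Skillis.gen
BitDefender 7.2 2009.10.22 -
Comodo 2689 2009.10.22 UnclassifiedMalware
Fortinet 3.120.0.0 2009.10.22 W32/Skillis.B!tr
Kaspersky 7.0.0.125 2009.10.22 Trojan.Win32.Skillis.b
Panda 10.0.2.2 2009.10.21 Suspicious file
Prevx 3.0 2009.10.22 High Risk Cloaked Malware
Sophos 4.46.0 2009.10.22 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.10.22 -
"""

# Substrings marking a verdict that names no family (heuristic/generic).
GENERIC_MARKERS = ("generic", "suspicious", "unclassified", "cloaked", "heuristic")
# Naming-scheme tokens that are not family names (assumed list for this example).
NOISE = {"trojan", "win32", "w32", "mal", "virus", "worm", "backdoor"}

def parse_results(text):
    """Return (vendor, result) pairs; the result may contain spaces."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)          # vendor, version, date, result
        if len(parts) == 4:
            rows.append((parts[0], parts[3].strip()))
    return rows

def family_of(result):
    """Heuristic: first token of 4+ chars that is not a scheme prefix,
    e.g. 'Skillis' from 'W32/Skillis.B!tr'; None for generic verdicts."""
    if any(m in result.lower() for m in GENERIC_MARKERS):
        return None
    for tok in re.split(r"[^A-Za-z0-9]+", result):
        if len(tok) >= 4 and tok.lower() not in NOISE:
            return tok
    return None

def triage(text):
    """Summarise a listing: how many engines fired, and how many of those
    agree on a named family rather than a generic verdict."""
    rows = parse_results(text)
    hits = [r for _, r in rows if r != "-"]
    families = Counter(f.lower() for f in map(family_of, hits) if f)
    return {"engines": len(rows), "detections": len(hits),
            "generic": len(hits) - sum(families.values()),
            "families": dict(families)}
```

Run `triage(VT_EXCERPT)` to see that half of the firing engines in the excerpt give only a generic verdict, which is the kind of breakdown worth attaching to a false-positive submission alongside the hashes.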

Let’s see how long it takes before the VirusTotal list goes down.. and Jesus, it’s been a lot of work submitting these false positives to people – some have automated sites, some have email addresses, some want it compressed with a specific password, and others just don’t care about false positives.

Funky Clock

This is a funky idea for a clock: the parts that show the hour rotate around it, so you have a constantly changing clock – something I find quite funky.. here is what the clock looks like..

Chasing Time - Pidltd.com

You can see more about this on http://en.pidltd.com/en/details/designer_home_accessories/chasing_time_2506.html&image=10536