Why isn't VirusTotal detecting a zip file that contains malware?
by winger9 from LinuxQuestions.org on (#5J633)
Summary
1. On www.virustotal.com, I have just used its "Scan a URL" feature to see if it
detects malware within zip files.
I found a test zip file containing malware (I believe), at
https://github.com/ActorExpose/source-code-apk-malware
The actual file containing the malware is
https://github.com/ActorExpose/sourc...heads/main.zip
2. So I pasted the above zip file URL into VirusTotal's URL box, and hit ENTER.
But to my surprise, the result showed "0/88: No security vendors flagged this
URL as malicious".
3. So my questions are:
a) Does this mean that VirusTotal is not detecting the malware?
b) If not, why not?
c) Or have I chosen a zip file on GitHub that doesn't actually contain malware?
d) If the latter is the case, where can I find a zip file that does contain
malware, so that I can test it on VirusTotal?
e) Is there a reputable site that has such a sample zip file?
Full Details
4. Initially, I ran the malware checker www.virustotal.com on the Firefox
extension visited-color-picker. This is because I was considering downloading
the extension, but Firefox point out that they don't maintain security checks on
it. The extension changes the colour of visited links to the colour of your
choice.
You see, Firefox's own visited links color selector doesn't work satisfactorily
(yes I HAVE selected "Always" in Firefox's Preferences...Colors).
5. The extension visited-color-picker can be downloaded from
https://github.com/william-billaud/visited-color-picker
And the file to download is
https://github.com/william-billaud/v...ads/master.zip
6. So I used VirusTotal's "Scan a URL" feature, and pasted the above URL address
of the zip file into the box.
The result showed "0/88: No security vendors flagged this URL as malicious".
7. But I decided to check if www.virustotal.com really does detect malware. So I
found what I believe is a zip file containing malware, at
https://github.com/ActorExpose/source-code-apk-malware
The rest is explained in the "Summary" at the start.