Well, one thing is even though you said they'd be the same file size, they wouldn't be.
Also, I'm pretty sure minions check through them, so if all the new folder contained was random files and then a keylogger, they would know.
Ok, so lately I was thinking how some hacker "could" potentially send a keylogger or
other form of virus by submitting files through our forums.
Obviously the rules say you need screenshots and two virus scans (jotti and virustotal).
Leaving aside the screenshots, let's discuss about the scanners. Scanners do their job yes,
but what tells us here or a moderator that the file submitted is the same as the one that was scanned?
I could, for example, create a file called rotmg_client.zip (containing keylogger)
and one called rotmg_client.zip (placed somewhere else on my computer, without a keylogger)
and both files are named the same, and have the same filesize.
I send the non-virus one to jotti/virustotal, obviously it reports everything is good and then I send the
virus one through these forums and people think it's the same file.
In other words, to sum it up, am I missing something here? is there a way for moderators
to then manually scan again the submitted file? But if moderators scan them, why is there
a need for jotti/virustotal? And if people have to scan them again then manually, well again,
what is the point in jotti/virustotal? Because otherwise, people could do this and we have no clue.
Thanks
Last edited by atenzor; 07-16-2013 at 04:06 PM.
Well, one thing is even though you said they'd be the same file size, they wouldn't be.
Also, I'm pretty sure minions check through them, so if all the new folder contained was random files and then a keylogger, they would know.
Each file has a hash code. The hash code is kind of like a series of characters that represents the file. You could have two zip files, exactly the same size and name, but they would have different hash code's. The online scanners show the hash code of the file scanned, so when a minion comes along to approve it, they can make sure the hash of the file uploaded matches that of the file in the scan. However, I have made a key logger that captures every key c
Pressed system wide and uploads it to me, which goes undetected by online scanners, so you're never fully safe! That's why Hux and nilly do their best to make zure files are safe, regardless of scans.
marinepower (07-16-2013)
ah ok, thanks for info