VT Community parasites and some small things about the system

Steven Xylitol

Apr 4, 2014, 6:49:42 AM
to virus...@googlegroups.com

Hello,
I was wondering what the hell is with VT users who massively report malware anyhow, such as @Seyhoo:

OK, it's definitely malware, but their comments are just questionable when they report.
It's based on AV detections, which are often wrong, and these users just give a bad verdict about the content of malicious files.

I've already talked to some, like @angel1973, in private so as not to make a 'drama' in public:

I told him that 'trust to trust' is a stupid idea and that I don't like his way of contributing; he answered that I should keep my opinion to myself, which is what I've done until today.
The second thing I hate is the 'trust to trust' requests.

As for @angel1973, this guy just browses the 'Latest comments' tab of the community and tags as malicious what people tag as malicious.
I've already trapped him once by tagging a notepad as malicious, and he tagged it as malicious too (lol?)
And like @Seyhoo, this guy seems to produce a lot of false positives:


There is also @Malware1, who tags as malicious almost every file that @Malekal_morte reports as malicious.
Example here: https://www.virustotal.com/en/file/a186f56642a1fab10b0473d849cb5e3a9873859fde22d917fca80535b6e1b0b5/analysis/
Parasite comments by @malware1 and @angel1973

Not that I don't like them, but it gets boring when we take our time to check exactly which malware the file is, and then you have users posting stupid comments based on AV detections and claiming to be a 'Virus expert' (what does that even mean?).

Also, not related, but does the comment function work correctly with tagging?
I've tagged some files as #Solar (Solar bot), but when I look on the VT search engine for #Solar:
"Comments tagged as #Solar
No comments"

Related to comments, does [code][/code] work correctly?
If it's for code formatting, it looks like it doesn't work well; for example, have a look at the comment: https://www.virustotal.com/en/file/d2adb3c96a5195bf7c8c5cbf51fba86109e67ec26073fbfba7640ba8abb32f55/analysis/
Tabs and spaces seem to be ignored.

Also, for users who leave just '#malware' as a comment, I'm starting to wonder if it's really helpful to the community; more detail would be appreciated, not just '#malware'.
And about '#malware': from what I understand, this also automatically balances the vote as malicious. What's the opposite, for voting as goodware? '#goodware'?

Regards
__
/Steven

Steven Xylitol

Apr 15, 2014, 7:46:13 AM
to virus...@googlegroups.com
I just understood that for searching with a hashtag, the search field is case-sensitive, buggy?
For example, with '#Solar' VT returns no results, but if you search for '#solar' it finds the sample tagged as '#Solar'.

Regards

Emiliano Martinez

Apr 16, 2014, 5:21:12 AM
to virus...@googlegroups.com
Hello Steven,

I actually forgot to press send on this message...

Thanks for bringing all of this to our attention.

1) Seyhoo. While limited tagging is not really useful, I believe his comments are indeed very valuable too, mainly because they contain the download URL of the pertinent samples:
This is pretty useful as it enables other researchers to have some further background with respect to a given threat and its in-the-wild locations and dissemination strategies.

2) Angel1973 and malware1. Malware tagging based on AV reports is not something we want, I agree with you. Malware tagging and comments should be based on personal research, ideally debugging/disassembling the sample. This said, even if the comment just contains a tag, so long as the tagging is justified with thorough research, it might be useful as it will count as votes towards the reputation of the sample.

3) Trust to trust. Agree, I don't like users writing private messages to ask for trust, unless they actually know themselves. I try to penalize this whenever I am acquainted with it happening and I encourage community users to report these issues.

4) Search by tags. We are working on revamping this and making a better comment search engine, for the time being this feature is deactivated. The results you see are based on old comments, so it might well be that some old comments did contain the lower case #solar tag but not the upper case one.

5) [code] tags. There is an issue with the version of the WYSIWYG editor we are using, it does not replace bbcode tags correctly, I have to look into it to fix it.

6) Opposite of #malware tag. Yes, #goodware should actually move the balance positively, #harmless should do too.

Other than that, we have to think of new ways to revamp the community, it is a bit stalled and the reputation system is not competitive enough. I agree that we need more interesting information and a credit system that incentivizes further participation and more detailed comments.

Thanks!
