
A file link container. STOP THE VIRUSES!

Discussion in 'Denied Suggestions' started by thr0wback, Jan 2, 2011.

Thread Status:
Not open for further replies.
  1. thr0wback

    thr0wback Apprentice
    Banned


    Ok, after blocking a few keylog/accsteal-attempts I had the idea to make a "file link container".

    What is this?
    A file link container would be a sort of box (like quote) opened and closed with [FILE]www.google.com/virus.exe[/FILE]

    This "box" has the color orange and status "Unchecked" by default.
    Then, the box can either go green "Verified" (no virus) or red "Malicious" (virus)



    Of course, people can just post links without the [FILE] tags; people posting links to files should always use the [FILE] tags or a mod locks it.
    Simple as that.

    How and who will verify?

    What will happen:
    1. Multi-scan (VirusTotal/jotti/virscan/novirusthanks)
    -> if virus detected, RED
    2. Analyzing (Checking internet behavior, what files it uses, what registry codes it reads, if it creates anything (like an exe))
    -> if malicious behavior is found, RED
    3. If it's a VB.NET application (most viruses are in VB.NET as it's easy to learn, and kids love being bad ass) we reflect it using Reflector or deobfuscate if obfuscated.
    4. If it's not VB.NET we try to decompile & deobfuscate.
    If not working -> Disassembly (I have minor experience with this, but I'm learning).


    Everyone who knows what they are talking about can help, I volunteer to verify and make reports. (eg. http://sythe.org/showthread.php?p=7675079#post7675079)

    Thanks for reading!


    thr0wback

    PS: "file link container" sounds cheap, does anyone have a better idea?
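
A sketch of the [FILE] container proposed in the post above, as an added example that is not part of the thread or of the forum's software: it extracts tagged links, flags file links posted without the tag, and maps review results to the three statuses. The extension list, the function names, the text-only rendering and the sample post are assumptions made for illustration.

```python
import html
import re
from enum import Enum

class Status(Enum):            # box colours named in the proposal
    UNCHECKED = "orange"
    VERIFIED = "green"
    MALICIOUS = "red"

FILE_TAG = re.compile(r"\[FILE\](.*?)\[/FILE\]", re.I | re.S)
BARE_LINK = re.compile(r"(?:https?://|www\.)[^\s\[\]<>\"]+", re.I)
FILE_EXT = (".exe", ".jar", ".zip", ".rar", ".scr", ".bat")  # assumed list

def tagged_links(post):
    """URLs wrapped in [FILE]...[/FILE]."""
    return [u.strip() for u in FILE_TAG.findall(post)]

def untagged_file_links(post):
    """File links posted outside the tag, for a moderator to act on."""
    rest = FILE_TAG.sub(" ", post)
    links = (u.rstrip(".,;)") for u in BARE_LINK.findall(rest))
    return [u for u in links if u.lower().split("?")[0].endswith(FILE_EXT)]

def verdict(scan_hits, bad_behavior):
    """Steps 1-2 of the proposal; None means that step has not run yet."""
    if scan_hits or bad_behavior:
        return Status.MALICIOUS
    if scan_hits is None or bad_behavior is None:
        return Status.UNCHECKED
    return Status.VERIFIED

def render(post, reviews):
    """Escape the post, then swap each tag for a status box (text only, an assumption)."""
    def box(match):
        shown = match.group(1).strip()              # already HTML-escaped
        status = reviews.get(html.unescape(shown), Status.UNCHECKED)
        return '<div class="file-link" style="border-color:%s">%s: %s</div>' % (
            status.value, status.name.title(), shown)
    return FILE_TAG.sub(box, html.escape(post))

# Constructed sample post, not taken from the thread
SAMPLE = "My bot: [FILE]www.google.com/virus.exe[/FILE] mirror http://example.com/bot.jar"

if __name__ == "__main__":
    print(tagged_links(SAMPLE), untagged_file_links(SAMPLE))
    print(render(SAMPLE, {"www.google.com/virus.exe": verdict(3, None)}))
```
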
     
  2. Corey

    Corey Grand Master
    Crabby Retired Global Moderator


    No support, it's kind of obvious when the file is infected (auth generators, paypal money dupes, etc), so it would be easier to just delete the links.
     
  3. thr0wback

    thr0wback Apprentice
    Banned


    They're not just auth generators anymore.

    Last time it was a guy posting his modified version of rsbot. It actually worked but sent your pw to a site. I deleted more than 10 logs
     
  4. jizzownya

    jizzownya Forum Addict
    Banned


    I agree with this.

    If you can't differentiate between a harmful link, and a safe one, you shouldn't be clicking on any in the first place.

    I for one, inspect every link that comes from someone who I don't trust.
     
  5. Angelmax

    Angelmax Grand Master
    $25 USD Donor Retired Sectional Moderator


    There's a verified program section in Runescape Cheating for just this.
     
  6. thr0wback

    thr0wback Apprentice
    Banned


    Yes, and it says it's not updated.
    Meh, idc if people get keylogged. It happened to me a while back and I don't want other kids to lose their acc
     
  7. Wolfdog

    Wolfdog Untired, we stand. Exhausted, we fall.
    Retired Sectional Moderator


    Support, mainly because I've made it a goal of mine to find all the infected RS private servers out there, and you'd be amazed at how many there are, including a LARGE amount that still function perfectly + have a decent base.
     
  8. GovindAlt

    GovindAlt Member
    Do Not Trade


    A server side virus scanner? Not going to happen, sorry. Sandbox emulation would be more than the server could take with the attacks, and non-sandboxed sample testing is dangerous (and also would be unbearably slow).

    Close this, one of my minions.
     
  9. Carcinomati

    Carcinomati Apprentice
    Banned


    Really isn't necessary, if you suspect a malicious file you can just scan it with an online scanner using the file's URL.
     
  10. Magic Arrow

    Magic Arrow Protector of the homosex, defender of the AIDS
    $5 USD Donor Mudkips Retired Sectional Moderator


    This.
     