Security Resource Thread

[mechBgon]

:thumbsup:

GOING ON THE OFFENSIVE
Ever wanted to dish out some payback to the bad guys who make malicious software? Well here you go... how to report malware to security vendors.

How to check whether your samples are already detected:

• VirusTotal.com
• Jotti

WHERE TO REPORT MALWARE

• Microsoft's malware-submission site They will email you preliminary and final anayses. Turnaround time is usually about 1 day. This helps them improve Windows Defender, OneCare, and the monthly Malicious Software Removal Tool.
  
• Kaspersky Lab is quite responsive to malware submissions. Turnaround time is usually below 2 hours and the stuff is handled by real people. Email the files to newvirus kaspersky com or send them a link to the malware.
  
• AntiVir / Avira has an automated submission page. Turnaround time is 1-2 days. They do analyze the stuff you send.
  
• Symantec / Norton has an automated submission page. Turnaround time can be slow. It has a 9-file limit, and that includes decompression of compound files, so submit in small batches. Don't use password protection here.
  
• McAfee / NAI has their Webimmune.net portal, where you can submit malware and have it ignored by McAfee FOREVAR To be properly ignored, submissions must be in a Zip file that's password-protected with the password infected. Otherwise they will be ignored anyway, but not in a thorough fashion.
  
• ClamAV has an upload page where you can submit up to two samples per day. Response time may be quite slow.
  
• You can report downloadable malware by its URL at CastleCops' MIRT reporting page. The information goes out to many security vendors. This is a great place to report the URLs from the bogus infectuous eCard spams that many of us receive.
  
  Be extremely careful when dealing with the links, since merely clicking on them may launch exploit attempts. Type the URL manually in order to report it, unless you have some practice in safely handling malicious links.
  
  
• CastleCops also has reporting pages for phish and Spam.
  
• Some other vendors' malware-submission emails:
  
  • samples eset com (NOD32)
  • samples f-secure com (F-Secure)
  • samples sophos com (Sophos)
  • virus avast com (Avast)
  • virus ca com (Computer Associates)
  • virus grisoft com (Grisoft / AVG)
  • virus_doctor trendmicro com (TrendMicro)
  • virus_submission bitdefender com (BitDefender)
  • virussamples pandasoftware com (Panda)

Note: if you're emailing samples, send the malware in a password-protected Zip file. I usually use 7-zip. For the password, use infected and make sure you tell the password in your email.

 

[Schadenfroh]

Hello and welcome to AnandTech's Security subforum. Please take the time to familiarize yourself with forum policy.

The AT Security subforum is NOT categorized as a social forum, so please strive to be on-topic, helpful and professional.

If you have a virus:

• (Optional, as it is intended as a tool, not as a replacement for thorough virus removal) Try this automatic virus removal script.
• Follow the steps in forum member John's malware removal guide.
• Post your HijackThis log in Computer Help as a thread to see if there was anything missed during cleaning.

Removal and Prevention Guides:
Malware (virus / spyware) removal and prevention guides:

• Forum Member John's Security (Malware removal / prevention) Guide
  
• Forum Member mechBgon's Security Guide
  
• Automated Malware Removal Script Package (remove viruses and spyware automatically)

Please PM me information that you feel is valuable / relevant and should be added to the OP of this thread.