Focus on Virus
Administrivia: Which virus is this? Nov 29 2004 05:23PM
Marc Fossi (mfossi securityfocus com) (1 replies)
Hey everyone,

There has been an increase in "Anyone know which virus this is?" posts
lately. The problem here is that it's almost impossible to name a
particular piece of malware based on a file name. Even with a few more
details it can be difficult to narrow something down with any accuracy.

So instead of posting a file name to the list and asking what it is, scan
the file with up-to-date AV with current definitions. If this doesn't
yield any results, try a Google search of the file name. Still no
results? Then send the sample to an AV vendor's submission address. This
way, you not only get a professional analysis of the malcode, but the
vendors can also add detection for it to help prevent you and other people
from becoming compromised again in the future. Here's a list of
submission addresses that Nick FitzGerald posted some time ago. If it's
out of date, please let me know.

Authentium (Command Antivirus) <virus (at) authentium (dot) com>
Computer Associates (US) <virus (at) ca (dot) com>
Computer Associates (Vet/EZ) <ipevirus (at) vet.com (dot) au>
DialogueScience (Dr. Web) <Antivir (at) dials (dot) ru>
Eset (NOD32) <sample (at) nod32 (dot) com>
F-Secure Corp. <samples (at) f-secure (dot) com>
Frisk Software (F-PROT) <viruslab (at) f-prot (dot) com>
Grisoft (AVG) <virus (at) grisoft (dot) cz>
H+BEDV (AntiVir, Vexira engine) <virus (at) antivir (dot) de>
Kaspersky Labs <newvirus (at) kaspersky (dot) com>
Network Associates (McAfee) <virus_research (at) nai (dot) com>
(use a ZIP file with the password 'infected' without the quotes)
Norman (NVC) <analysis (at) norman (dot) no>
Panda Software <labs (at) pandasoftware (dot) com>
Sophos Plc. <support (at) sophos (dot) com>
Symantec (Norton) <avsubmit (at) symantec (dot) com>
Trend Micro (PC-cillin) <virus_doctor (at) trendmicro (dot) com>
(Trend may only accept files from users of its products)

Cheers,

Marc Fossi
Symantec Corp.
www.symantec.com

Re: Administrivia: Which virus is this? Nov 30 2004 08:02AM
GuidoZ (uberguidoz gmail com)


 

Copyright 2010, SecurityFocus