how do I report undetected malware?

Hi everyone. I'm new to this forumn, but over the past few days I've been lurking here, and I must say it's a great site!

Anyway, the reason I started looking at security websites is that I was recently infected with a virus that my brother downloaded and that my anti-virus program (Avast) was unable to detect. Using Jotti's online malware scan, no one but Kaspersky identified the executable as malware. I emailed the file to Avast, and they have since updated their definitions, as have VBA32.

Viruses tick me off, and I would like to report this virus to other anti-virus companies to help prevent further infections. However, I've had trouble finding a way to report unknown infected files. Could anyone tell me how to report the file to the following companies:

AntiVir, AVG, BitDefender, ClamAV, Dr. Web, F-Prot, Fortinet, mks_vir, NOD32, Norman Virus Control.

I'm unsure as to whether Norton or Mcafee or any other companies can detect this file, as they are not listed on Jotti's website.

Thank you for your help, and thank you for creating such a helpful forumn.

 

Hi,

Send the file to http://www.virustotal.com/flash/index_en.html which is another multi AV scanner where Norton is used (Symantec)

You can submit the file to Mcaffee by zipping the file and passwording it 'infected' and send to vsample@nai.com

It is automatically unzipped (as long as it is passworded 'infected' and you will get a reply e mail either saying

1) Our current Dats detect this as XXXXXX

or

2) Our strongest set of Heuristics had identified this as a possible virus, being fowarded to virus researcher

or

3) Our current dats do not detect any virus. this file is being refered to a researcher to check the file.

You will be contacted on the findings.

Hope this helps

Jlo

 

Should have said as well for other Antivirus software vendors

also zip the file and password it (tell the password in your e mail)

and send to

Bitdefender virus_submission@bitdefender.com

Trend Antivirus virus_doctor@trendmicro.co.uk

Sophos samples@sophos.com

Panda virussamples@pandasoftware.com

Norman analysis@norman.no

Nod32 samples@nod32.com

KAV newvirus@kaspersky.com

VBA Antivirus newvirus@anti-virus.by

MKS/Arcabit/Arcavir virus@arcabit.com

F-secure vsamples@f-secure.com

Fortinet submitvirus@fortinet.com

Dr Web vms@drweb.com (Password protect 'virus' Dont know whey but thats what they say!)

Computer Associates (Vet Inoculate etc) virus@ca.com

AVG virus@grisoft.com

Avast virus@asw.cz

Antivir virus@free-av.de

Authentium Antivirus virus@authentium.com

ahnlan AV v3sos@ahnlab.com

Sure their are many other but hope these are useful.

Cheers

Jlo

 

ESET has also a SECRET LIVE LINK for urgent things...

 

Cheers Happy Bytes

 

Virus submissions can be made for Clam here http://cgi.clamav.net/sendvirus.cgi

Bear in mind though that some of the AV vendors have access to all of Jotti's submissions so many will add defs just from getting it scanned by Jotti.

Cheers

Jlo

 

jlo-

Thanks for the help - I sent the infected file to all the addresses listed. Here are the results of the multi-AV scanner you recommended (VirusTotal):

Scan results
File: [removed]
Date: 05/09/2005 23:54:09 (CET)
----
AntiVir 6.30.0.12/20050509 found nothing
AVG 718/20050509 found nothing
BitDefender 7.0/20050509 found nothing
ClamAV devel-20050501/20050509 found nothing
DrWeb 4.32b/20050509 found nothing
eTrust-Iris 7.1.194.0/20050509 found nothing
eTrust-Vet 11.9.1.0/20050509 found nothing
Fortinet 2.51/20050509 found nothing
Ikarus 2.32/20050509 found [suspicious program sequence found]
Kaspersky 4.0.2.24/20050509 found [removed]
McAfee 4487/20050509 found nothing
NOD32v2 1.1091/20050509 found nothing
Norman 5.70.10/20050503 found nothing
Panda 8.02.00/20050509 found nothing
Sybari 7.5.1314/20050509 found nothing
Symantec 8.0/20050509 found nothing
VBA32 3.10.3/20050509 found [removed]


I'll keep you updated on how long it takes for the various companies to update their definitions. Personally, I'm interested to see how long it takes.

(P.S. I removed the malware name - I don't want to encourage anyone to spread it)

 

It's now been a little over 48 hours since I submitted the malware to the emails listed above. FYI, the file is a trojan that attempts to dial pay-XXX phone numbers. Good thing I use broadband and not a modem!

As of last night, eTrust-Isis, eTrust-Vet, Fortinet, and Sybari could detect the trojan. As of tonight, AntiVir can also detect it. When I submitted it to Avast last week, it took them under 48 hours to add definitions.

Symantec, McAfee, AVG, BitDefender, ClamAV, Dr. Web, F-Prot, mks_vir, NOD32, Norman Virus Control, and Panda can still not detect the trojan. I must say I'm disappointed at how long it's taking some of these companies to recognize new malware.

However, this little incident has been enough to convince me to purchase Kaspersky. I was previously considering their software, but this did it. They're the only ones who would have prevented the infection for me.

 

If anyone's interested, this is what the scanners detect today.

Jotti's malware scan:

AntiVir Found DIAL/302066 dialer
Avast Found Win32:Lisa
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found Dial/Lisd.A
Kaspersky Anti-Virus Found not-a-virus:RiskWare.Dialer.gen
mks_vir Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found RiskWare.Dialer.gen

VirusTotal.com:

AntiVir 6.30.0.12 05.13.2005 DIAL/302066
AVG 718 05.13.2005 no virus found
Avira 6.30.0.12 05.13.2005 DIAL/302066
BitDefender 7.0 05.13.2005 no virus found
ClamAV devel-20050501 05.13.2005 no virus found
DrWeb 4.32b 05.13.2005 no virus found
eTrust-Iris 7.1.194.0 05.13.2005 Win32/Dluca.AH!Trojan
eTrust-Vet 11.9.1.0 05.13.2005 Win32.Dluca.AE
Fortinet 2.51 05.13.2005 Dial/Lisd.A
Ikarus 2.32 05.13.2005 suspicious program sequence found
Kaspersky 4.0.2.24 05.13.2005 not-a-virus:RiskWare.Dialer.gen
McAfee 4491 05.13.2005 no virus found
NOD32v2 1.1095 05.13.2005 no virus found
Norman 5.70.10 05.13.2005 no virus found
Panda 8.02.00 05.15.2005 no virus found
Sybari 7.5.1314 05.13.2005 Win32/Dluca.AH!Trojan
Symantec 8.0 05.13.2005 no virus found
VBA32 3.10.3 05.13.2005 RiskWare.Dialer.gen

This will be the last time I submit the file for scanning - the time has come for me to delete it permanently. I must say I'm disappointed that it takes over 4 days for so many companies to update their definitions.

 

Add BOClean- support@nsclean.com (please ZIP or RAR) We typically incude any malware submission within 24 hours. We understand sentiments like those expressed by Skekr.