Alternate to Web mail submission of malicious samples?

Hello All,

I usually send many samples to samples@eset.com. But very rarely they get added to the database that too after a long time

So, i would like to know is there any alternate way for submitting malicious samples other than web mail. Or is it possible to give it to ESET moderator, So, he can direclty give it to ESET Labs/Dev team. Here is the screenshot, the way i send the samples via Web MAil

Thanks,
Harsha.

 

I personally send them several files daily, I would contact Marcos via PM and see where your emails are landing.

 

Thanks elapsed! for your immediate and kind reply.
If you need any more details, i can give it to you (like e-mail id from which i am sending) via PM.

Just one Question - are the defs being added for the samples which you sent?
Wat about any alternate submisson method? Is there any?

Thanks,
Harsha.

 

Great! All the samples have been added to the database. I got around 7 mails for different samples quoting Thanks
Atlast, these definitions have been added after 5 days...
Is there anyother way for submitting samples other than Web Mail?

-Harsha

 

As far as I know, nope. At least not a better one anyway. But I usually get a response on the same day, or none at all and it's just added. What I usually do is zip them up in 1 passworded 1 non passworded. Quarantine the non-passworded and send the passworded. Then you can scan the entire zip after restoring it from quarantine and see what's been added. Some viruses are prioritized over others so don't be disappointed if not all were added, they are probably in the queue for a later update.

I also separate my emails into virus families: FakeAV, ZBot, PDF, etc and "unknown" for everything else. This helps prioritize and manage by importance, since ESET dedicates different analysts to different threats.

 

Thanks for the information elapsed.
I just sent 8 samples (each file made password archive) to Labs with virustotal and CIMA results and let me check when they get added to the database.

From next time onwards, i'll send all the samples in a singe password archive. i guess it might be better...

-Harsha.

 

How did you manage to infect your computer with such stuff? Some of the files are blocked by the web scanner.

 

Disable AV, download file, scan file, send file.

I don't think he's infecting he's PC, he's probably doing it as a hobby like me.

 

As elapsed said, It's a kind of hobby, to fight against viruses and help the antivirus company. I'm not at all infecting my machine.

Marcos, Almost all the samples which i sent to labs are missed by webscanner and every other module NOD32 has. So, do i need to mention in my e-mail, that these samples are missed by webscanner. So, that dev team will try to tweak the web scanner to catch these at first line of defense?
One more thing, i download various malicious samples while every module of NOD32 are enabled only. I even check by double-clicking the file to know whether this will get caught by NOD32 at runtime or not through Sanboxie only (but unfortunately none are caught). So, that it will not infect my system permanently

Precautions i take while playing with these samples -
1. i'll run these samples only under sandboxie.
2. i have CIS 3.8, so, these samples can be isolated at any point of time. Believe me, it really does an excellent Job (D+)
3. i'll test these samples at CIMA/threatfire. To compare whether these files/registry are present in my system or not. As, i use sandboxie, i never get these bastards copied into my system

Marcos, one more question, What to do if i have file which cannot be unpacked NOD32. Where to send this file. Please let me know about the procedure?

Thanks (for such a small post),
Harsha

 

Send it to the same place, sometimes they use a customized version of a packer, and another tip, don't expect a reply on the weekend, it is very rare (happened only twice to me).