Hey everyone,
There has been an increase in "Anyone know which virus this is?" posts
lately. The problem here is that it's almost impossible to name a
particular piece of malware based on a file name. Even with a few more
details it can be difficult to narrow something down with any accuracy.
So instead of posting a file name to the list and asking what it is, scan
the file with up to date AV with current definitions. If this doesn't
yield any results, try a Google search of the file name. Still no
results? Then send the sample to an AV vendor's submission address. This
way, you not only get a professional analysis of the malcode, but the
vendors can also add detection for it to help prevent you and other people
from becoming compromised again in the future. Here's a list of
submission addresses that Nick FitzGerald posted some time ago. If it's
out of date, please let me know.
Authentium (Command Antivirus) <virus@authentium.com>
Computer Associates (US) <virus@ca.com>
Computer Associates (Vet/EZ) <ipevirus@vet.com.au>
DialogueScience (Dr. Web) <Antivir@dials.ru>
Eset (NOD32) <sample@nod32.com>
F-Secure Corp. <samples@f-secure.com>
Frisk Software (F-PROT) <viruslab@f-prot.com>
Grisoft (AVG) <virus@grisoft.cz>
H+BEDV (AntiVir, Vexira engine) <virus@antivir.de>
Kaspersky Labs <newvirus@kaspersky.com>
Network Associates (McAfee) <virus_research@nai.com>
(use a ZIP file with the password 'infected' without the quotes)
Norman (NVC) <analysis@norman.no>
Panda Software <labs@pandasoftware.com>
Sophos Plc. <support@sophos.com>
Symantec (Norton) <avsubmit@symantec.com>
Trend Micro (PC-cillin) <virus_doctor@trendmicro.com>
(Trend may only accept files from users of its products)
Cheers,
Marc Fossi
Symantec Corp.
www.symantec.com
