Network Security Focus-Virus

Re: Administrivia: Which virus is this?

Subject: Re: Administrivia: Which virus is this?
Date: Tue, 30 Nov 2004 00:02:06 -0800
Glad someone put that list back up. =) Don't forget VirusTotal.com -
if you don't happen to have 12 antivirus engines at hand, submitting a
file to them will help. ;) I've never had to wait longer than 45
seconds for an answer. (See a list of all AV engines they use[1].)

You simply go to the home page[2], click the "Browse" button to select
your file, then click the send button. Less than a moment later your
scan results are staring you in the face. It also has a feature that
will (optionally) distribute your file to AV firms. It's enabled by
default, but clicking the icon will disable it if you'd rather keep
the file private. Here's a sample scan[3] of the command line port
scanner "scan1000.exe" (known to be detected as a "hack tool" of sorts
due to its popular inclusion with rootkits).

[1] - http://www.virustotal.com/flash/virustotal_en.html
[2] - http://www.virustotal.com
[3] - http://www.guidoz.com/vtscan.txt

--
Peace. ~G


On Mon, 29 Nov 2004 10:23:19 -0700 (MST), Marc Fossi
<mfossi@securityfocus.com> wrote:
Hey everyone,

There has been an increase in "Anyone know which virus this is?" posts
lately.  The problem here is that it's almost impossible to name a
particular piece of malware based on a file name.  Even with a few more
details it can be difficult to narrow something down with any accuracy.

So instead of posting a file name to the list and asking what it is, scan
the file with up to date AV with current definitions.  If this doesn't
yield any results, try a Google search of the file name.  Still no
results?  Then send the sample to an AV vendor's submission address.  This
way, you not only get a professional analysis of the malcode, but the
vendors can also add detection for it to help prevent you and other people
from becoming compromised again in the future.   Here's a list of
submission addresses that Nick FitzGerald posted some time ago.  If it's
out of date, please let me know.

Authentium (Command Antivirus)  <virus@authentium.com>
Computer Associates (US)        <virus@ca.com>
Computer Associates (Vet/EZ)    <ipevirus@vet.com.au>
DialogueScience (Dr. Web)       <Antivir@dials.ru>
Eset (NOD32)                    <sample@nod32.com>
F-Secure Corp.                  <samples@f-secure.com>
Frisk Software (F-PROT)         <viruslab@f-prot.com>
Grisoft (AVG)                   <virus@grisoft.cz>
H+BEDV (AntiVir, Vexira engine) <virus@antivir.de>
Kaspersky Labs                  <newvirus@kaspersky.com>
Network Associates (McAfee)     <virus_research@nai.com>
 (use a ZIP file with the password 'infected' without the quotes)
Norman (NVC)                    <analysis@norman.no>
Panda Software                  <labs@pandasoftware.com>
Sophos Plc.                     <support@sophos.com>
Symantec (Norton)               <avsubmit@symantec.com>
Trend Micro (PC-cillin)         <virus_doctor@trendmicro.com>
 (Trend may only accept files from users of its products)

Cheers,

Marc Fossi
Symantec Corp.
www.symantec.com



  • Re: Administrivia: Which virus is this?, GuidoZ <=