How do I report new malware?
Note: All the information on this post has been copied from the TechSupport article here.
Every major antimalware vendor has a dedicated E-mail address through which new samples can be submitted. The procedure is as follows:
- Configure your Email client
- Make a password protected archive and add the sample to it. The password should be "infected".
- Send the sample to the following email addresses, with the subject "The password is infected":
Ahnlab Antivirus - v3sos@ahnlab.com
AVAST Antivirus - virus@avast.com
Avira Antivirus - virus@avira.com
Bit Defender - virus_submission@bitdefender.com
Bluepoint Security - samples@bluepointsecurity.com
Comodo Antivirus - malwaresubmit@avlab.comodo.com
Dr Web - vms@drweb.com
EMCO Antivirus - malware@emcosoftware.com
Emsisoft Antivirus - submit@emsisoft.com
eSafe Security - virus@esafe.com
eScan Antivirus - samples@escanav.com
Fortinet Antivirus - submitvirus@fortinet.com
Spy Emergency - research@spy-emergency.com
F-PROT Antivirus - viruslab@f-prot.com
FSB Antivirus - labs@fsb-antivirus.com
F-Secure - vsamples@f-secure.com
Orbitech Hazard Shield - virus@orbitech.org
IKARUS Security Software - samples@ikarus.at
Immunet Antivirus - submit@samples.immunet.com
K7 Antivirus - k7viruslab@labs.k7computing.com
Kaspersky - newvirus@kaspersky.com
Jiangmin Antivirus - support@jiangmin.com
Lavasoft Antivirus and Antimalware - research@lavasoft.com
McAfee Avert Stinger - virus_research@avertlabs.com
Micropoint Anrivirus - virus@micropoint.com.cn
Microsoft Security Essentials - avsubmit@submit.microsoft.com
Nano Antivirus - virus@nanoav.ru
ESET Antivirus - samples@eset.com
Noralabs Norascan Antivirus - support@noralabs.com
Norman Security Suite - analysis@norman.no
enter link description herenProtect - virus_info@inca.co.kr
Panda Security - virus@pandasecurity.com
Psafe Total - psafe@psafe.com
360Safe - kefu@360.cn
Rubus Ozone Antivirus - support@rubus.co.in
Smartcop Antivirus - virus@s-cop.com
Sophos - samples@sophos.com
Spybot Search and Destroy - detections@spybot.info
SRN Micro Antivirus - vlab@srnmicro.com
Symantec Antivirus - avsubmit@symantec.com
Moosoft Antivirus - trojans@moosoft.com
Hacksoft Antivirus - virus@hacksoft.com.pe
Thirtyseven4 Antivirus - virus@thirtyseven4.com
CA Technologies - virus@ca.com
Trojan Hunter - submit@trojanhunter.com
Simply Super Trojan Remover - support@simplysup.com
Filseclab Antivirus - virus@filseclab.com
ThreatTrack Security - malware-cruncher@sunbelt-software.com
ViRobot Antivirus - viruslab@hauri.co.kr
Virus Block Ada - newvirus@anti-virus.by
Webroot Antivirus - esupport@webroot.com
Zillya! Antivirus - virus@zillya.com
Kingsoft Antivirus - huangruimin@kingsoft.com
MKS - pomoc@mks.com.pl
Aegislab Antivirus - support@aegislab.com
Quick Heal Antivirus - viruslab@quickheal.com
Outpost Antivirus - trojans@agnitum.com
Baidu Antivirus - bav@baidu.com
TL;DR: I would suggest that submitting to VirusTotal is enough.
Details:
Because there are so many samples of malware and the fact that each binary in modern malware campaigns can be tested to be FUD (fully undetectable), VirusTotal is your best best I would argue. It may or may not be picked up by vendors, but this gives you the best shot of doing some good.
Here is a older link speaking to FUD and why your sample might not be detected: http://www.symantec.com/connect/blogs/fully-undetectable-cryptors-and-antivirus-detection-arms-race
My only caveat to this recommendation would be if you think you have something really interesting or unique (think Flame, Stuxnet, etc.). If that is the case, I would suggest contacting a vendor directly and provide some evidence of why you think this is unique.
Here is some information from VirusTotal about what/who they share with (https://www.virustotal.com/en/about/):
VirusTotal and confidentiality
Files and URLs sent to VirusTotal will be shared with antivirus vendors and security companies so as to help them in improving their services and products. We do this because we believe it will eventually lead to a safer Internet and better end-user protection.
By default any file/URL submitted to VirusTotal which is detected by at least one scanner is freely sent to all those scanners that do not detect the resource. Additionally, all files and URLs enter a private store that may be accessed by premium (mainly security/antimalware companies/organizations) VirusTotal users so as to improve their security products and services.
Hope that helps!
- http://www.uploadmalware.com/
- http://www.virussign.com/
- https://www.mywot.com/wiki/Malware_submission
Hope that this is enough, you may want to make your own publication about this malware after time you can put it into your CV.