How do I report new malware?

Note: All the information on this post has been copied from the TechSupport article here.

Every major antimalware vendor has a dedicated E-mail address through which new samples can be submitted. The procedure is as follows:

  1. Configure your Email client
  2. Make a password protected archive and add the sample to it. The password should be "infected".
  3. Send the sample to the following email addresses, with the subject "The password is infected":

Ahnlab Antivirus - [email protected]
AVAST Antivirus - [email protected]
Avira Antivirus - [email protected]
Bit Defender - [email protected]
Bluepoint Security - [email protected]
Comodo Antivirus - [email protected]
Dr Web - [email protected]
EMCO Antivirus - [email protected]
Emsisoft Antivirus - [email protected]
eSafe Security - [email protected]
eScan Antivirus - [email protected]
Fortinet Antivirus - [email protected]
Spy Emergency - [email protected]
F-PROT Antivirus - [email protected]
FSB Antivirus - [email protected]
F-Secure - [email protected]
Orbitech Hazard Shield - [email protected]
IKARUS Security Software - [email protected]
Immunet Antivirus - [email protected]
K7 Antivirus - [email protected]
Kaspersky - [email protected]
Jiangmin Antivirus - [email protected]
Lavasoft Antivirus and Antimalware - [email protected]
McAfee Avert Stinger - [email protected]
Micropoint Anrivirus - [email protected]
Microsoft Security Essentials - [email protected]
Nano Antivirus - [email protected]
ESET Antivirus - [email protected]
Noralabs Norascan Antivirus - [email protected]
Norman Security Suite - [email protected]
enter link description herenProtect - [email protected]
Panda Security - [email protected]
Psafe Total - [email protected]
360Safe - [email protected]
Rubus Ozone Antivirus - [email protected]
Smartcop Antivirus - [email protected]
Sophos - [email protected]
Spybot Search and Destroy - [email protected]
SRN Micro Antivirus - [email protected]
Symantec Antivirus - [email protected]
Moosoft Antivirus - [email protected]
Hacksoft Antivirus - [email protected]
Thirtyseven4 Antivirus - [email protected]
CA Technologies - [email protected]
Trojan Hunter - [email protected]
Simply Super Trojan Remover - [email protected]
Filseclab Antivirus - [email protected]
ThreatTrack Security - [email protected]
ViRobot Antivirus - [email protected]
Virus Block Ada - [email protected]
Webroot Antivirus - [email protected]
Zillya! Antivirus - [email protected]
Kingsoft Antivirus - [email protected]
MKS - [email protected]
Aegislab Antivirus - [email protected]
Quick Heal Antivirus - [email protected]
Outpost Antivirus - [email protected]
Baidu Antivirus - [email protected]


TL;DR: I would suggest that submitting to VirusTotal is enough.

Details:

Because there are so many samples of malware and the fact that each binary in modern malware campaigns can be tested to be FUD (fully undetectable), VirusTotal is your best best I would argue. It may or may not be picked up by vendors, but this gives you the best shot of doing some good.

Here is a older link speaking to FUD and why your sample might not be detected: http://www.symantec.com/connect/blogs/fully-undetectable-cryptors-and-antivirus-detection-arms-race

My only caveat to this recommendation would be if you think you have something really interesting or unique (think Flame, Stuxnet, etc.). If that is the case, I would suggest contacting a vendor directly and provide some evidence of why you think this is unique.

Here is some information from VirusTotal about what/who they share with (https://www.virustotal.com/en/about/):

VirusTotal and confidentiality

Files and URLs sent to VirusTotal will be shared with antivirus vendors and security companies so as to help them in improving their services and products. We do this because we believe it will eventually lead to a safer Internet and better end-user protection.

By default any file/URL submitted to VirusTotal which is detected by at least one scanner is freely sent to all those scanners that do not detect the resource. Additionally, all files and URLs enter a private store that may be accessed by premium (mainly security/antimalware companies/organizations) VirusTotal users so as to improve their security products and services.

Hope that helps!


  1. http://www.uploadmalware.com/
  2. http://www.virussign.com/
  3. https://www.mywot.com/wiki/Malware_submission

Hope that this is enough, you may want to make your own publication about this malware after time you can put it into your CV.