laurentio
31st March 2009, 03:36 AM
The best place to report incidents of malware and spyware is to your security software provider. In cases where cleaning/removal of infections is unsuccessful, technical support pages should be checked for further information and the technical support department of your security provider contacted for further assistance if required.
Many products are able to automatically send details of detections, often including samples of malware or suspected malware, to research labs as they are detected, for further analysis and statistical information. We would encourage all users to activate such functionality where possible, to help provide best-possible protection for other users and to ensure security experts are able to monitor potential major outbreaks.
In some cases it may be preferable to send samples manually, for example via email. We strongly advise against sending viruses via email in unencrypted form - password-protected archives are generally acceptable and PGP-style encryption techniques are even safer. Individual firms have their own requirements and advice on how to submit samples. The following list provides malware submission details for most of the major anti-malware firms.
Agnitum (Outpost) A web form is provided to upload suspected malware samples and false positives, here (http://www.agnitum.com/support/submit_files.php).
AhnLab (V3Net) An online sample-submission system is provided here (http://global.ahnlab.com/global/virusreport_main.ESD).
Aladdin (eSafe) A web form is provided for technical support contacts and sample submission here (http://wts.ealaddin.com/). eSafe customers only, requires login, works with Internet Explorer only.
Alwil (Avast!) A web form is provided for users to report incidents of infection for statistical analysis purposes here (http://www.avast.com/eng/virus-incident-report.php). Virus sample submissions can be made via email to virus@avast.com.
AVAST
If you have any suspicious files that are not detected by the latest version of our antivirus programs, you can send them to virus@avast.com. The ideal way to send such files is to compress them as a ZIP file with the password 'virus' (so that the attachment is not deleted by some other antivirus software on the way).
Avira (AntiVir) The company provides an email address for sample submissions, virus@avira.com, and recommends that samples are sent as password-protected archives. Details of submission requirements are here (http://www.avira.com/en/threats/submit_suspicious_files.html).
AVG The company provides an email address for sample submissions, virus@avg.com, and recommends that samples are sent as password-protected archives.
Bullguard The company provides an email address for sample submissions: infection@bullguard.com.
CA (eTrust, CA Anti-Virus) An online submission form is provided here (http://ca.com/us/securityadvisor/submitmalware.aspx), with advice on what to send and how to send it here (http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=33514).
Central Command (Vexira) Samples can be sent by email to virus@centralcommand.com.
Dr.Web An email address is provided for sample submissions: vms@drweb.com.
eEye Digital Security (Blink) eEye accepts samples via its support system (for paying users) or by email (in password-protected archives) at malware@eeye.com.
Frisk (F-PROT) An online form is provided for submission of suspicious files, here (http://www.f-prot.com/virusinfo/submission_form.html). A PGP key is provided for secure transfer, here (http://www.f-prot.com/virusinfo/virlab_key.html).
F-Secure Advice on useful steps to take prior to submitting samples can be found here (http://support.f-secure.com/enu/home/virusproblem/sample/). A sample submission system - for the submission of samples including malware, false positives, pages for parental filtering and spam/phishing emails - can be found here (http://www.f-secure.com/samples/).
Fortinet (FortiClient) Samples can be submitted via an online scanner system here (http://www.fortiguardcenter.com/antivirus/virus_scanner.html), or manually by email. Full instructions are here (http://www.fortiguardcenter.com/antivirus/submit.html).
Hauri (ViRobot) An online reporting system is operated for the reporting of suspected malware here (http://www.hauri.net/support/support/virus_reg.html?menu=QTAz).
Kaspersky Labs The company provides an email address for the submission of suspected malware samples: newvirus@kaspersky.com.
K7 Computing Samples can be sent (ideally in password-protected zips) to k7viruslab@k7computing.com.
Lavasoft (AdAware) Sample submissions are accepted via an online form here (http://upload.lavasoft.com/upload/submit_file.php/). Alternatively, samples can be emailed to research@lavasoft.com.
McAfee Sample submissions should be made via the Avert Labs WebImmune website here (https://www.webimmune.net/) (free user registration is required). Alternatively, samples can be emailed to Virus_Research@avertlabs.com.
Microsoft (OneCare, Forefront) Microsoft offers a malware-submission system as part of its security portal, here (https://www.microsoft.com/security/portal/submit.aspx).
Microworld (eScan)The company's support department can be contacted at support@mwti.net for details of how to submit suspect files.
Norman Suspect files can be submitted to Norman's SandBox system for automated analysis. The upload page is here (http://www.norman.com/microsites/nsic/Submit/). Files that are thought to be false positive detections from Norman's products can be submitted here (http://www.norman.com/Support/fp/).
PC Tools (Spyware Doctor) An online submission system is provided, here (http://www.pctools.com/mrc/submit/).
Quick Heal The company provides an email address for sample submissions: viruslab@quickheal.com.
Rising An online form for submitting suspect samples is provided here (http://sample.rising-global.com/webmail/upload_en.htm) (maximum file size 5MB).
Sophos Suspect files can be submitted via email or through an online system, details and links for doing so are here (http://www.sophos.com/support/knowledgebase/article/11490.html). Mislabelled spam or non-spam messages can also be reported, instructions are here (http://www.sophos.com/support/knowledgebase/article/23113.html).
Sunbelt Software (Vipre/CounterSpy) An online submission system for unrecognized or problematic malware is provided here (http://research.sunbelt-software.com/software_submission.aspx), with a separate system for submitting suspected false positives here (http://research.sunbelt-software.com/developer_issue.aspx).
Symantec (Norton) Symantec provides details of how to submit suspect or problematic samples, depending on type of user and product, here (http://www.symantec.com/avcenter/submit.html).
Trend Micro Trend Micro provides a set of contact options for sample submission, with faster response times assured for paying users of its support services. The various methods can be accessed here (http://subwiz.trendmicro.com/SubWiz/Default.asp).
VirusBlokAda (VBA32) Samples can be sent to newvirus@anti-virus.by.
VirusBuster Samples can be submitted to VirusBuster's labs for analysis using the company's support system, which can be accessed from here (http://www.virusbuster.hu/en/support/contact/redirect_virus).
Phishing
General
APWG The Anti-Phishing Working Group (APWG), a global volunteer organization dedicated to combating phishing, offers an email address for reporting phishing scams, reportphishing@antiphishing.org, with more details on the organization's site here (http://www.antiphishing.org/report_phishing.html).
PhishTank PhishTank, another project maintained by free software developer OpenDNS, also accepts details of suspected phishing websites here (http://www.phishtank.com/).
Financial institutions
Phishing attacks targeting banks, building societies, credit unions or other financial institutions should be reported directly to the institution in question. Websites hosting phishing attacks should be reported to ISPs. Victims of identity theft and fraud should also report to local police.
The following is a list of some of the major online shopping sites and providers of financial services and their phishing/spam contact information:
Amazon Forward suspected phishing emails or send details to stop-spoofing@amazon.com.
eBay Email details to spoof@ebay.com (or your local version, e.g. spoof@ebay.co.uk).
PayPal Email details to spoof@paypal.com (or your local version, e.g. spoof@paypal.co.uk).
Western Union Email details to spoof@westernunion.com.
Most other online stores and banks will provide contacts for reporting suspected phishing, theft or other forms of cybercrime. These are usually displayed on the appropriate website.
Agencies
US-CERT Email details to phishing-report@us-cert.gov. Information on what data to include can be found here (http://www.us-cert.gov/nav/report_phishing.html).
Specialist anti-phishing companies
Fraudwatch InternationalFraudwatch International is an Australian company that combines education, monitoring and detection services, as well as preventative software solutions for consumers and corporate clients. The company's website (http://www.fraudwatchinternational.com/) lists the latest phishing alerts both by date and by company targeted as well as offering an alert service via email and RSS feeds. Phishing and other online fraud and scams can be reported by emailing scams@fraudwatchinternational.com.
Vulnerabilities
In general, researchers discovering vulnerabilities in software products can report them directly to the developers of the software. Local CERTs generally provide reporting systems for software vulnerabilities. Several specialized firms also provide reporting services, often including verification of claims and rapid trusted reporting systems.
iDefense iDefense runs a Vulnerability Contributor Program here (http://labs.idefense.com/vcp/), to which researchers can submit new vulnerabilities. A list of public vulnerability advisories is provided here (http://labs.idefense.com/intelligence/vulnerabilities/).
SecuniaSecunia provides a database of vulnerability advisories here (http://secunia.com/advisories/).
Tipping Point Zero Day Initiative The Zero Day Initiative (ZDI), founded by TippingPoint, is a programme for 'rewarding security researchers for responsibly disclosing vulnerabilities'. Details can be found here (http://www.zerodayinitiative.com/).
US-CERT Email details to cert@cert.org (cc to soc@us-cert.gov).
Developers
Many major development houses provide their own reporting systems for vulnerabilities and abuse, details should be provided by individual companies but a few of the most significant firms are listed below.
Microsoft Microsoft provides details of how to submit information relating to security vulnerabilities in its products and services here (http://www.microsoft.com/technet/security/bulletin/alertus.aspx).
Google Google provides information on how to submit security incidents involving its products and services here (http://www.google.com/corporate/security.html), requesting reports to be sent to security@google.com.
Adobe Adobe provides a form for reporting security issues associated with its products. Details of how to use the form, and a link to the form itself are here (http://www.adobe.com/support/security/alertus.html).
Many products are able to automatically send details of detections, often including samples of malware or suspected malware, to research labs as they are detected, for further analysis and statistical information. We would encourage all users to activate such functionality where possible, to help provide best-possible protection for other users and to ensure security experts are able to monitor potential major outbreaks.
In some cases it may be preferable to send samples manually, for example via email. We strongly advise against sending viruses via email in unencrypted form - password-protected archives are generally acceptable and PGP-style encryption techniques are even safer. Individual firms have their own requirements and advice on how to submit samples. The following list provides malware submission details for most of the major anti-malware firms.
Agnitum (Outpost) A web form is provided to upload suspected malware samples and false positives, here (http://www.agnitum.com/support/submit_files.php).
AhnLab (V3Net) An online sample-submission system is provided here (http://global.ahnlab.com/global/virusreport_main.ESD).
Aladdin (eSafe) A web form is provided for technical support contacts and sample submission here (http://wts.ealaddin.com/). eSafe customers only, requires login, works with Internet Explorer only.
Alwil (Avast!) A web form is provided for users to report incidents of infection for statistical analysis purposes here (http://www.avast.com/eng/virus-incident-report.php). Virus sample submissions can be made via email to virus@avast.com.
AVAST
If you have any suspicious files that are not detected by the latest version of our antivirus programs, you can send them to virus@avast.com. The ideal way to send such files is to compress them as a ZIP file with the password 'virus' (so that the attachment is not deleted by some other antivirus software on the way).
Avira (AntiVir) The company provides an email address for sample submissions, virus@avira.com, and recommends that samples are sent as password-protected archives. Details of submission requirements are here (http://www.avira.com/en/threats/submit_suspicious_files.html).
AVG The company provides an email address for sample submissions, virus@avg.com, and recommends that samples are sent as password-protected archives.
Bullguard The company provides an email address for sample submissions: infection@bullguard.com.
CA (eTrust, CA Anti-Virus) An online submission form is provided here (http://ca.com/us/securityadvisor/submitmalware.aspx), with advice on what to send and how to send it here (http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=33514).
Central Command (Vexira) Samples can be sent by email to virus@centralcommand.com.
Dr.Web An email address is provided for sample submissions: vms@drweb.com.
eEye Digital Security (Blink) eEye accepts samples via its support system (for paying users) or by email (in password-protected archives) at malware@eeye.com.
Frisk (F-PROT) An online form is provided for submission of suspicious files, here (http://www.f-prot.com/virusinfo/submission_form.html). A PGP key is provided for secure transfer, here (http://www.f-prot.com/virusinfo/virlab_key.html).
F-Secure Advice on useful steps to take prior to submitting samples can be found here (http://support.f-secure.com/enu/home/virusproblem/sample/). A sample submission system - for the submission of samples including malware, false positives, pages for parental filtering and spam/phishing emails - can be found here (http://www.f-secure.com/samples/).
Fortinet (FortiClient) Samples can be submitted via an online scanner system here (http://www.fortiguardcenter.com/antivirus/virus_scanner.html), or manually by email. Full instructions are here (http://www.fortiguardcenter.com/antivirus/submit.html).
Hauri (ViRobot) An online reporting system is operated for the reporting of suspected malware here (http://www.hauri.net/support/support/virus_reg.html?menu=QTAz).
Kaspersky Labs The company provides an email address for the submission of suspected malware samples: newvirus@kaspersky.com.
K7 Computing Samples can be sent (ideally in password-protected zips) to k7viruslab@k7computing.com.
Lavasoft (AdAware) Sample submissions are accepted via an online form here (http://upload.lavasoft.com/upload/submit_file.php/). Alternatively, samples can be emailed to research@lavasoft.com.
McAfee Sample submissions should be made via the Avert Labs WebImmune website here (https://www.webimmune.net/) (free user registration is required). Alternatively, samples can be emailed to Virus_Research@avertlabs.com.
Microsoft (OneCare, Forefront) Microsoft offers a malware-submission system as part of its security portal, here (https://www.microsoft.com/security/portal/submit.aspx).
Microworld (eScan)The company's support department can be contacted at support@mwti.net for details of how to submit suspect files.
Norman Suspect files can be submitted to Norman's SandBox system for automated analysis. The upload page is here (http://www.norman.com/microsites/nsic/Submit/). Files that are thought to be false positive detections from Norman's products can be submitted here (http://www.norman.com/Support/fp/).
PC Tools (Spyware Doctor) An online submission system is provided, here (http://www.pctools.com/mrc/submit/).
Quick Heal The company provides an email address for sample submissions: viruslab@quickheal.com.
Rising An online form for submitting suspect samples is provided here (http://sample.rising-global.com/webmail/upload_en.htm) (maximum file size 5MB).
Sophos Suspect files can be submitted via email or through an online system, details and links for doing so are here (http://www.sophos.com/support/knowledgebase/article/11490.html). Mislabelled spam or non-spam messages can also be reported, instructions are here (http://www.sophos.com/support/knowledgebase/article/23113.html).
Sunbelt Software (Vipre/CounterSpy) An online submission system for unrecognized or problematic malware is provided here (http://research.sunbelt-software.com/software_submission.aspx), with a separate system for submitting suspected false positives here (http://research.sunbelt-software.com/developer_issue.aspx).
Symantec (Norton) Symantec provides details of how to submit suspect or problematic samples, depending on type of user and product, here (http://www.symantec.com/avcenter/submit.html).
Trend Micro Trend Micro provides a set of contact options for sample submission, with faster response times assured for paying users of its support services. The various methods can be accessed here (http://subwiz.trendmicro.com/SubWiz/Default.asp).
VirusBlokAda (VBA32) Samples can be sent to newvirus@anti-virus.by.
VirusBuster Samples can be submitted to VirusBuster's labs for analysis using the company's support system, which can be accessed from here (http://www.virusbuster.hu/en/support/contact/redirect_virus).
Phishing
General
APWG The Anti-Phishing Working Group (APWG), a global volunteer organization dedicated to combating phishing, offers an email address for reporting phishing scams, reportphishing@antiphishing.org, with more details on the organization's site here (http://www.antiphishing.org/report_phishing.html).
PhishTank PhishTank, another project maintained by free software developer OpenDNS, also accepts details of suspected phishing websites here (http://www.phishtank.com/).
Financial institutions
Phishing attacks targeting banks, building societies, credit unions or other financial institutions should be reported directly to the institution in question. Websites hosting phishing attacks should be reported to ISPs. Victims of identity theft and fraud should also report to local police.
The following is a list of some of the major online shopping sites and providers of financial services and their phishing/spam contact information:
Amazon Forward suspected phishing emails or send details to stop-spoofing@amazon.com.
eBay Email details to spoof@ebay.com (or your local version, e.g. spoof@ebay.co.uk).
PayPal Email details to spoof@paypal.com (or your local version, e.g. spoof@paypal.co.uk).
Western Union Email details to spoof@westernunion.com.
Most other online stores and banks will provide contacts for reporting suspected phishing, theft or other forms of cybercrime. These are usually displayed on the appropriate website.
Agencies
US-CERT Email details to phishing-report@us-cert.gov. Information on what data to include can be found here (http://www.us-cert.gov/nav/report_phishing.html).
Specialist anti-phishing companies
Fraudwatch InternationalFraudwatch International is an Australian company that combines education, monitoring and detection services, as well as preventative software solutions for consumers and corporate clients. The company's website (http://www.fraudwatchinternational.com/) lists the latest phishing alerts both by date and by company targeted as well as offering an alert service via email and RSS feeds. Phishing and other online fraud and scams can be reported by emailing scams@fraudwatchinternational.com.
Vulnerabilities
In general, researchers discovering vulnerabilities in software products can report them directly to the developers of the software. Local CERTs generally provide reporting systems for software vulnerabilities. Several specialized firms also provide reporting services, often including verification of claims and rapid trusted reporting systems.
iDefense iDefense runs a Vulnerability Contributor Program here (http://labs.idefense.com/vcp/), to which researchers can submit new vulnerabilities. A list of public vulnerability advisories is provided here (http://labs.idefense.com/intelligence/vulnerabilities/).
SecuniaSecunia provides a database of vulnerability advisories here (http://secunia.com/advisories/).
Tipping Point Zero Day Initiative The Zero Day Initiative (ZDI), founded by TippingPoint, is a programme for 'rewarding security researchers for responsibly disclosing vulnerabilities'. Details can be found here (http://www.zerodayinitiative.com/).
US-CERT Email details to cert@cert.org (cc to soc@us-cert.gov).
Developers
Many major development houses provide their own reporting systems for vulnerabilities and abuse, details should be provided by individual companies but a few of the most significant firms are listed below.
Microsoft Microsoft provides details of how to submit information relating to security vulnerabilities in its products and services here (http://www.microsoft.com/technet/security/bulletin/alertus.aspx).
Google Google provides information on how to submit security incidents involving its products and services here (http://www.google.com/corporate/security.html), requesting reports to be sent to security@google.com.
Adobe Adobe provides a form for reporting security issues associated with its products. Details of how to use the form, and a link to the form itself are here (http://www.adobe.com/support/security/alertus.html).