How are new viruses detected?

Simple question - when a new virus is 'discovered' how exactly is it
done? Suppose I were to create a new virus the last person I would send
it to would be Norton or any of the other virus removal companies. So
how does the virus get to them so they can remove it?


Re: How are new viruses detected?


| Simple question - when a new virus is 'discovered' how exactly is it
| done? Suppose I were to create a new virus the last person I would send
| it to would be Norton or any of the other virus removal companies. So
| how does the virus get to them so they can remove it?

Either through initial Heuristics or through end user or "other" people's
submissions.

Some are captured via honeypots of one kind or another.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: How are new viruses detected?


David H. Lipman wrote:


I would assume that many of them, especially trojan malware, are
submitted by individuals. I cannot count the number of them I have
submitted to Kaspersky labs over the years. All it requires is someone
that is reasonably computer savvy to run across them and know enough to
know malware when they see it.


Re: How are new viruses detected?



|
| I would assume that many of them, especially trojan malware, are
| submitted by individuals. I cannot count the number of them I have
| submitted to Kaspersky labs over the years. All it requires is someone
| that is reasonably computer savvy to run across them and know enough to
| know malware when they see it.

Yes.

I can't describe enough the ongoing process to get the AV vendors to recognize
*all* the new variants of ZLob Trojans!  We are working hard in submitting them
and getting the vendors to do heuristics on them.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: How are new viruses detected?


David H. Lipman wrote:


I might add that some AV companies have made it so tedious or impossible
to simply email them a sample that they only end up screwing
themselves. It's no wonder Kaspersky detects so much more malware than
most. They allow samples to be submitted via email whether you are a
customer or not. I only submit to them anymore. The others can kiss my
ass.


Re: How are new viruses detected?


|
| David H. Lipman wrote:
|
|
| I might add that some AV companies have made it so tedious or impossible
| to simply email them a sample that they only end up screwing
| themselves. It's no wonder Kaspersky detects so much more malware than
| most. They allow samples to be submitted via email whether you are a
| customer or not. I only submit to them anymore. The others can kiss my
| ass.

I don't see a problem submitting samples.  I do it at least twice a day,
broadcasted to numerous anti malware vendors.  This evening I have sent
multiple megabytes worth of malware samples.

The following web page has *many* submission addresses.  Note the standard is to
ZIP the sample(s) in a password protected ZIP file with the password being:  infected
{ password = infected }

http://www.ik-cs.com/suspicious-files.htm

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: How are new viruses detected?

peterlavington@hotmail.com wrote:

guess what - even though you wouldn't send it to the av companies, a
number of others actually do...

but aside from that, there are heuristics and some people employ generic
detection techniques (change detection, behaviour monitoring,
sandboxing)... there are also honeypots run by all sorts of people (some
by av companies, some by independent professionals, some by amateurs)
that collect various types of malware...

and sometimes a virus or other malware sample will give itself away by
accident or by design...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
