How are new viruses detected?

  • Thread starter Thread starter peterlavington
  • Start date Start date
P

peterlavington

Simple question - when a new virus is 'discovered' how exactly is it
done? Suppose I were to create a new virus the last person I would send
it to would be Norton or any of the other virus removal companies. So
how does the virus get to them so they can remove it?
 
From: <[email protected]>

| Simple question - when a new virus is 'discovered' how exactly is it
| done? Suppose I were to create a new virus the last person I would send
| it to would be Norton or any of the other virus removal companies. So
| how does the virus get to them so they can remove it?

Either through initial Heuristics or through end user or "other" people's submissions.

Some are captured via honeypots of one kind or another.
 
David said:
From: <[email protected]>

| Simple question - when a new virus is 'discovered' how exactly is it
| done? Suppose I were to create a new virus the last person I would send
| it to would be Norton or any of the other virus removal companies. So
| how does the virus get to them so they can remove it?

Either through initial Heuristics or through end user or "other" people's submissions.

Some are captured via honeypots of one kind or another.
Click to expand...


I would assume that many of them, especially trojan malware, are
submitted by individuals. I cannot count the number of them I have
submitted to Kaspersky labs over the years. All it requires is someone
that is reasonably computer saavy to run across them and know enough to
know malware when they see it.
 
David said:
Either through initial Heuristics or through end user or "other" people's submissions.
Click to expand...

I might add that some AV companies have made so tedious or impossible
to simply email them a sample that they only end up screwing
themselves. It's no wonder Kaspersky detects fo much more malware than
most. They allow samples to be submitted via email whether you are a
customer or not. I only submit to them anymore. The others can kiss my
ass.
 
From: "Bill" <[email protected]>


|
| I would assume that many of them, especially trojan malware, are
| submitted by individuals. I cannot count the number of them I have
| submitted to Kaspersky labs over the years. All it requires is someone
| that is reasonably computer saavy to run across them and know enough to
| know malware when they see it.

Yes.

I can't describe enough the ongoning process to get the AV vendors to recognize *all* the
new variants of ZLob Trojans ! We are working hard in submitting them and getting the
vendors to do heuristics on them.
 
From: "Bill" <[email protected]>

|
| David H. Lipman wrote:
||
| I might add that some AV companies have made so tedious or impossible
| to simply email them a sample that they only end up screwing
| themselves. It's no wonder Kaspersky detects fo much more malware than
| most. They allow samples to be submitted via email whether you are a
| customer or not. I only submit to them anymore. The others can kiss my
| ass.

I don't see a problem submitting samples. I do it at least twice a day, broadcasted to
numerous anti malware vendors. This evening I have sent multiple megabytes worth of malware
samples.

The following web page has *many* submission addresses. Note the standard is to ZIP the
sample(s) in a password protected ZIP file with the password being; infected
{ password = infected }

http://www.ik-cs.com/suspicious-files.htm
 
Simple question - when a new virus is 'discovered' how exactly is it
done? Suppose I were to create a new virus the last person I would send
it to would be Norton or any of the other virus removal companies. So
how does the virus get to them so they can remove it?
Click to expand...

guess what - even though you wouldn't send it to the av companies, a
number of others actually do...

but aside from that, there are heuristics and some people employ generic
detection techniques (change detection, behaviour monitoring,
sandboxing)... there are also honeypots run by all sorts of people (some
by av companies, some by independent professionals, some by amateurs)
that collect various types of malware...

and sometimes a virus or other malware sample will give itself away by
accident or by design...
 
Back
Top