How are new viruses detected?

peterlavington

Simple question - when a new virus is 'discovered' how exactly is it
done? Suppose I were to create a new virus the last person I would send
it to would be Norton or any of the other virus removal companies. So
how does the virus get to them so they can remove it?
 
David H. Lipman

From: <[email protected]>

| Simple question - when a new virus is 'discovered' how exactly is it
| done? Suppose I were to create a new virus the last person I would send
| it to would be Norton or any of the other virus removal companies. So
| how does the virus get to them so they can remove it?

Either through initial Heuristics or through end user or "other" people's submissions.

Some are captured via honeypots of one kind or another.
 
Bill

David said:
From: <[email protected]>

| Simple question - when a new virus is 'discovered' how exactly is it
| done? Suppose I were to create a new virus the last person I would send
| it to would be Norton or any of the other virus removal companies. So
| how does the virus get to them so they can remove it?

Either through initial Heuristics or through end user or "other" people's submissions.

Some are captured via honeypots of one kind or another.


I would assume that many of them, especially trojan malware, are
submitted by individuals. I cannot count the number of them I have
submitted to Kaspersky labs over the years. All it requires is someone
that is reasonably computer savvy to run across them and know enough to
know malware when they see it.
 
Bill

David said:
Either through initial Heuristics or through end user or "other" people's submissions.

I might add that some AV companies have made it so tedious or impossible
to simply email them a sample that they only end up screwing
themselves. It's no wonder Kaspersky detects so much more malware than
most. They allow samples to be submitted via email whether you are a
customer or not. I only submit to them anymore. The others can kiss my
ass.
 
David H. Lipman

From: "Bill" <[email protected]>


|
| I would assume that many of them, especially trojan malware, are
| submitted by individuals. I cannot count the number of them I have
| submitted to Kaspersky labs over the years. All it requires is someone
| that is reasonably computer savvy to run across them and know enough to
| know malware when they see it.

Yes.

I can't describe enough the ongoing process to get the AV vendors to recognize *all* the
new variants of ZLob Trojans! We are working hard in submitting them and getting the
vendors to do heuristics on them.
 
David H. Lipman

From: "Bill" <[email protected]>

|
| David H. Lipman wrote:
||
| I might add that some AV companies have made it so tedious or impossible
| to simply email them a sample that they only end up screwing
| themselves. It's no wonder Kaspersky detects so much more malware than
| most. They allow samples to be submitted via email whether you are a
| customer or not. I only submit to them anymore. The others can kiss my
| ass.

I don't see a problem submitting samples. I do it at least twice a day, broadcasted to
numerous anti malware vendors. This evening I have sent multiple megabytes worth of malware
samples.

The following web page has *many* submission addresses. Note the standard is to ZIP the
sample(s) in a password protected ZIP file with the password being: infected
{ password = infected }

http://www.ik-cs.com/suspicious-files.htm
 
kurt wismer

| Simple question - when a new virus is 'discovered' how exactly is it
| done? Suppose I were to create a new virus the last person I would send
| it to would be Norton or any of the other virus removal companies. So
| how does the virus get to them so they can remove it?

guess what - even though you wouldn't send it to the av companies, a
number of others actually do...

but aside from that, there are heuristics and some people employ generic
detection techniques (change detection, behaviour monitoring,
sandboxing)... there are also honeypots run by all sorts of people (some
by av companies, some by independent professionals, some by amateurs)
that collect various types of malware...

and sometimes a virus or other malware sample will give itself away by
accident or by design...
 
