VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Sunday, 1 January 2006

About VSUB

About VSUB

Virus Sample Submission System
VSUB is a an e-mail address used to send new (or suspected) malware samples to a list of anti-malware companies for review. Just send suspect files to the following e-mail address: vsub@arachnid.homeip.net. Alternatively, if you can't send e-mails with encrypted [password-protected] zips, then please contact me to find out how to submit samples via FTP.

VSUB is for end-users and security staff to submit suspicious files for review.

All samples posted will be checked by the administrator to ensure that only new malware samples are forwarded onto the anti-malware vendors.

All samples will be repackaged as required to ensure that the anti-malware vendors can accept them.

Samples submitted which are found to be infected by a known, rather than a new malware strain or variant will not be forwarded to the anti-malware companies. In this case the person who submitted the file will be informed of the result and sources of further information and protection from the known malware.

Samples that are (or appear to contain) new malware will be forwarded to the anti-malware vendors for full analysis.

Data on new samples submitted to the AV vendors can be found on the vsub blog at http://momusings.com/vsub/. If you want to keep up to date with new samples submitted, then you can subscribe to the RSS feed for the data on the new samples submitted.

Details of who supplied the sample will NOT be posted to the vsub blog, only details on the sample itself (such as Filename, Size, Type, MD5 hash, CRC32 checksum and other sample specific information) will be posted. Furthermore this will ONLY happen if the sample is a new malware strain or variant.

More details below:
ALL postings come to the moderator for evaluation, and will be actioned accordingly:

New malware samples (new variants/malcode not detected by a test suite of products) and a quick analysis will be:

a. catalogued, and this data posted on my site, as a heads-up (no samples, only data).

b. sent onto the anti-malware companies for analysis. Data received back from the anti-malware vendors may be posted on the site.

Known malware samples received

a. Person who submitted the sample will be informed, along with links for further information.

Anyone can submit samples.

Submitting samples to the vsub e-mail address does NOT automatically send them onto the anti-malware vendors.

ALL postings are moderated, and all samples are validated and catalogued.

Samples will only be sent to the anti-malware vendors.

No user data will be posted to the blog only passed onto the anti-malware vendors along with the samples (to aid resolution or to gain more information from the person who submitted the sample).

If you represent an anti-malware company which is not already on my list of vendors, then please send details to me for review and possible inclusion.