Jump to content

Where to submit older undetected virus files?


Recommended Posts

I came across a virus that is missed by Malwarebytes but hits numerous times on Virustotal. I want to submit it to Malwarebytes but the forum to do this in only accepts viruses first discovered less than 3 months ago (I don't really understand this but whatever) - the one I found is about a year old.

Can anyone point me in the right direction? Thanks!

Link to post
Share on other sites

What you referred to is the guidelines to malicious disk file submissions.  Malwarebytes is not a historical anti malware solution and uses its signatures to only target NEW, emerging, files and not old files.  The "three month old" guideline is not a hard rule.  A undetected file that is 4 or 5 months may still get targeted by the creation of a signature but 3 months represents a relative threshold.  Therefore old files will not be accepted for signature creation consideration.  Malwarebytes does not accept malware libraries of files (aka; Zoos or Collections).

Note also the guidelines is specific about "viruses".  MBAM does not target file infecting viruses.  Only a dropper that starts a viral infection of legitimate files.  The terminology of "viruses" is overly used and abused.  The overarching concept is malware which is a concatenation  of parts of the words MALicious and softWARE and covers viruses and worms, exploit code and trojans.  All malicious disk files have that time limitation.  Virus Total is useful in determining the age of a given malicious file.  In a Virus Total Report is the "First Submission" date.  That is the date where someone first submitted a given file to Virus Total and then can be used to gauge the file's age.

Example:
https://www.virustotal.com/gui/file/6c78152760aa6d3d27528e2443dc599129e5b85988f4f3286b06d07ffd13f63e/detection

The Report shows a "First Submission  2021-04-20"  date which shows this is a new malicious file.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
Link to post
Share on other sites

Hello David, thank you for the response. Indeed the malware I found was first submitted to Virustotal just over a year ago so would not be deemed acceptable for submission: https://www.virustotal.com/gui/file/5be9011089266db25848f5961a51ad7256512329a6118167eac2d7fd66489d57/details

Forgive me, but I don't have a lot of technical knowledge about this topic so I may be misunderstanding something - is it the case that there is no way this malware can be submitted to Malwarebytes so it can be caught in future scans?

Link to post
Share on other sites

No, sorry.

MBAM has two proactive modules;  anti ransomware and anti exploitation.  MBAM will use these modules to block the malicious actions that older malware may perform.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.