Author Topic: If virustotal checks a malware sample, are those sent to AV vendors?  (Read 10087 times)

January 02, 2010, 10:21:01 am

|Z|

I have a very strange question. If VirusTotal checks a malware sample, are those sent to AV vendors?
Why am I asking this? Because it is said that yes, the samples are sent to AV vendors. But the practice does not follow this assumption.

Here are two scan results of the same malware:

http://www.virustotal.com/analisis/8997c271747fbb83d870ffe9f6ad034d
http://www.virustotal.com/analisis/a5b12389a3f23687c787eeb0a2ab12bf

The first was scanned on 2008.11.11 with a detection rate of 6/36, the second scan was performed on 2009.03.18 with a detection rate of 9/39. One of the 3 new AV vendors detecting it was new in VirusTotal altogether, and two of them detect it because they have already found what the malware is about. Although this is only one case, I bet everybody can find such examples in a very short time.

But the question remains, are those samples sent to AV vendors? If yes, why didn't they react in 4 months? If they are not sent, why???

January 02, 2010, 12:39:00 pm
Reply #1

cleanmx

I don't think they send samples to AV vendors. We are working with Avira, and Avira, to my knowledge, has no active channel from/to VirusTotal.

Avira will pick up every incident from clean mx (our page; see also thread: http://www.malwaredomainlist.com/forums/index.php?topic=3190.0)

Also, ThreatExpert and Anubis/Wepawet do not exchange data with AV vendors ....

Perhaps someone else may shed some light on this...

-- gehard

January 24, 2010, 12:10:10 am
Reply #2

CM_MWR

O I believe Avira gets a steady feed of files from vt ;)

November 19, 2010, 03:33:00 am
Reply #3

tjs

I don't want to comment about whether or not VirusTotal sends samples to AV vendors, but I will say this: some AV vendors receive hundreds of thousands of samples per day. Adding detection for every one is impossible and also pointless these days. The only things worth detecting are threats that actually impact real people, and not every "test" file packed or obfuscated that somehow makes it to the vendors... The same argument applies to all the so-called "tester" agencies who still test against DOS viruses and give vendors a hard time when detection for these long-extinct issues is removed.

Cost vs. Benefit. :)

tjs
Sent from my phone (sorry about typos etc)