Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake Flash player installer. How or where can I report it?


  • Please log in to reply
2 replies to this topic

#1 Almarma

Almarma

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 10 January 2017 - 09:14 AM

Hi!

 

I'm a IT technician and I use Macs at home. I also try to give advices and user tips to my customers to improve their security. Sometimes, around the internet, I find some scams or ads telling me I have viruses or something weird and I sometimes download it just to test antivirus software, or just to try to imitate my customers to try to learn about how they get infected so I can give them up to date information.

 

Some days ago I found a quite convincing warning about my flash player being outdated (funny, because I don't have any installed ;) ), so I downloaded it, and then uploaded to virustotal.com, where only one AV detected it (here's the report). Opening the .pkg file I found it's a bundle of adware with some known guys like Mackeeper.

 

My question is: What could I do to report it, so I can help AV manufacturers to detect it as soon as possible so other people can be aware?



BC AdBot (Login to Remove)

 


#2 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:36 PM

Posted 11 January 2017 - 01:19 AM

I am not aware of some sort of "reporting warehouse" that effectively reports things to many anti-virus/malware software companies, but someone else might be. The only thing that I am aware of is going to a specific vendor's website and finding their reporting page/method as most vendors do have something.

For example, here is Symantec's page outlining how you submit suspicious files to them:

https://support.symantec.com/en_US/article.TECH102419.html

#3 Almarma

Almarma
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 16 January 2017 - 04:28 AM

I am not aware of some sort of "reporting warehouse" that effectively reports things to many anti-virus/malware software companies, but someone else might be. The only thing that I am aware of is going to a specific vendor's website and finding their reporting page/method as most vendors do have something.

For example, here is Symantec's page outlining how you submit suspicious files to them:

https://support.symantec.com/en_US/article.TECH102419.html

 

 

Thanks for your idea. I found another way too inside Virustotal.com: If I register a user, then I can add comments about the file and vote for that file as malicious or safe. They say virus developers use that info to improve their detection engines. They call it "Online malware research community". I paste here the description:

 

In August 2010 VirusTotal integrated a pseudo-social network that allows its users to interact with other users and comment on files and URLs. These comments may range from deep malware analyses to information on the distribution vector and in-the-wild locations of the submitted files, hence, the community acts as the collective intelligence component of VirusTotal. Files and URLs can be voted as malicious or innocuous, building a community maliciousness score for the resource.

 

In other words, when security products fail (false positives/false negatives), there is still a chance that some VirusTotal Community user will have produced a useful review of the resource for its community peers.

 

 

 

I have registered and done it with the flash installer I found :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users