Яндекс
Это HTML-версия документа от 10.12.2015 [07:35:32]. Оригинал: https://www.virusbtn.com/resources/cybercrime/type
v
site:virusbtn.com newvirus
Посмотреть текстовую копию
Яндекс не связан с авторами и содержимым страницы

Covering the global threat landscape

home
Virus Bulletin - VB100 banner

Cybercrime links and resources

By type

Illegal and Offensive content

  National hotlines

National hotlines are available in many parts of the world for the reporting of any potentially illegal content or activity on the Internet.
INHOPE (the International Association of Internet Hotlines) provides links to a number of regional reporting hotlines around the world, here.

Malicious software and spyware

The best place to report incidents of malware and spyware is to your security software provider. In cases where cleaning/removal of infections is unsuccessful, technical support pages should be checked for further information and the technical support department of your security provider should be contacted for further assistance if required.
Many security products are able to automatically send details of detections - often including samples of malware or suspected malware - to research labs as they are detected, for further analysis and statistical information. We would encourage all users to activate such functionality where possible, to help provide the best possible protection for other users and to ensure security experts are able to monitor potential major outbreaks.
In some cases it may be preferable to send samples manually, for example via email. We strongly advise against sending viruses via email in unencrypted form - password-protected archives are generally acceptable and PGP-style encryption techniques are even safer. Individual firms have their own requirements and advice on how to submit samples. While not exhaustive, the following list provides malware submission details for most of the major anti-malware firms.
  • Agnitum (Outpost)
    • A web form is provided to upload suspected malware samples and false positives, here.
  • AhnLab (V3Net)
    • An online sample-submission system is provided here.
  • Aladdin (eSafe)
    • A web form is provided for technical support contacts and sample submission here. eSafe customers only, requires login, works with Internet Explorer only.
  • Avast!
    • A web form is provided for users to send reports of suspicious files or false positives to the company's Virus Lab here.
  • Avira
    • The company provides a web form for sample submissions here. Alternatively, suspicious files can be emailed to virus@avira.com - the company recommends that samples are sent as password-protected archives. Details of submission requirements are here.
  • AVG
    • The company provides an email address for sample submissions, virus@avg.com, and recommends that samples are sent as password-protected archives.
  • Bitdefender
    • The company provides an online sample submission form for reporting false positives and false negatives here.
  • BullGuard
    • The company provides an email address for sample submissions: infection@bullguard.com.
  • Dr.Web
    • A form is provided for sample submissions here.
  • ESET (NOD32)
    • The company provides an email address for sample submissions, samples@eset.com, and recommends using archives protected with the password 'infected' and providing details about the file in question.
  • Frisk (F-PROT)
    • An online form is provided for submission of suspicious files, here. A PGP key is provided for secure transfer, here.
  • F-Secure
    • A sample submission system - for the submission of samples including malware, false positives, spyware, adware and riskware - can be found here.
  • Fortinet (FortiClient)
    • Samples can be submitted via an online scanner system here, or manually by email. Full instructions are here.
  • Hauri (ViRobot)
    • An online reporting system is operated for the reporting of suspected malware here.
  • Kaspersky Lab
    • The company provides an email address for the submission of suspected malware samples:   newvirus @kaspersky.com.
  • K7 Computing
    • Samples can be sent (ideally in password-protected zips) to k7viruslab@k7computing.com.
  • Lavasoft (AdAware)
    • Malware sample submissions are accepted via an online form here, with an upload limit of 20 Megabytes. Larger submissions, or submissions that do not involve a file upload, can be emailed to research@lavasoft.com. False positives can be reported via an online form here.
  • McAfee
    • Sample submissions should be made via the McAfee ServicePortal here (free user registration is required). Full details as to how to submit a sample are given here. Alternatively, samples can be emailed to Virus_Research@avertlabs.com.
  • Microsoft (Security Essentials, Windows Defender)
    • Microsoft offers a malware-submission system as part of its security portal, here.
  • eScan
    • The company's support department can be contacted at support@escanav.com for details of how to submit suspect files.
  • Norman
    • Undetected spam samples can be mailed to spam@norman.com.
  • PC Tools
    • An online malware submission system is provided here.
  • Quick Heal
    • The company provides an email address for sample submissions: viruslab@quickheal.com.
  • Rising
    • An online form for submitting suspect samples is provided here (maximum file size 5MB).
  • Sophos
    • Suspect files can be submitted via email or through an online system, details and links for doing so are here. Mislabelled spam or non-spam messages can also be reported, instructions are here.
  • ThreatTrack Security (VIPRE)
    • An online submission system for unrecognized or problematic malware is provided here, with a separate system for submitting suspected false positives here.
  • Symantec (Norton)
    • Details of how to submit suspect or problematic samples, depending on type of user and product, are provided here.
  • Trend Micro
    • Suspicious files can be uploaded via the company's support site here, and false alarms reported here.
    Information on how to submit spam samples is provided here.
  • VirusBlokAda (VBA32)
    • Samples can be sent to  newvirus @anti-virus.by.

Phishing

  General

  • APWG
    • The Anti-Phishing Working Group (APWG), a global volunteer organization dedicated to combating phishing, offers an email address for reporting phishing scams, reportphishing@apwg.org, with more details on the organization's site here.
  • PhishTank
    • PhishTank, another project maintained by free software developer OpenDNS, also accepts details of suspected phishing websites here.

  Financial institutions

Phishing attacks targeting banks, building societies, credit unions or other financial institutions should be reported directly to the institution in question. Websites hosting phishing attacks should be reported to ISPs. Victims of identity theft and fraud should also report incidents to local police.
The following is a list of some of the major online shopping sites and providers of financial services and their phishing/spam contact information:
Most other online stores and banks will provide contacts for reporting suspected phishing, theft or other forms of cybercrime. These are usually displayed on the appropriate website.

  Agencies

  Specialist anti-phishing companies

  • Fraudwatch International
    • Fraudwatch International is an Australian company that combines education, monitoring and detection services, as well as preventative software solutions for consumers and corporate clients. The company's website lists the latest phishing alerts both by date and by company targeted as well as offering an alert service via email and RSS feeds. Phishing and other online fraud and scams can be reported by emailing scams@fraudwatchinternational.com.

Vulnerabilities

In general, researchers discovering vulnerabilities in software products can report them directly to the developers of the software. Local CERTs generally provide reporting systems for software vulnerabilities. Several specialized firms also provide reporting services, often including verification of claims and rapid trusted reporting systems.
  • Verisign iDefense
    • Verisign runs the iDefense Vulnerability Contributor Program here, to which researchers can submit new vulnerabilities. A list of public vulnerability advisories is provided here.
  • Secunia
    • Secunia provides a database of vulnerability advisories here.
  • Tipping Point Zero Day Initiative
    • The Zero Day Initiative (ZDI), founded by TippingPoint, is a programme for 'rewarding security researchers for responsibly disclosing vulnerabilities'. Details can be found here.
  • US-CERT
    • Email details to cert@cert.org (cc to soc@us-cert.gov).

  Developers

Many major development houses provide their own reporting systems for vulnerabilities and abuse, and in recent years several companies have set up 'bug bounty' programmes, in which those who report bugs to the company in question receive recognition and compensation. Comprehensive lists of bug bounties are kept by Bugsheet here and by Bugcrowd here. A few of the most significant firms are listed below.
  • Adobe
    • Adobe provides a form for reporting security issues associated with its products. Details of how to use the form, and a link to the form itself are here.
  • Facebook
    • Facebook's responsible disclosure policy, which includes details of what should be reported, what should not be reported, and reward guidelines, can be found here, and a form for reporting vulnerabilities is here.
  • Google
    • Details of Google's Vulnerability Reward Program (VRP) are provided here, and bugs can be reported via an online form here. Vulnerability reports for Android should be emailed to security@android.com, while for Chrome vulnerabilities, the Chromium bug tracker should be used, here.
  • Microsoft
    • Details of Microsoft's bug bounty programmes can be found here, while details of how to submit information relating to security vulnerabilities in the company's products and services are here.
  • Mozilla
    • Mozilla's bug bounty guidelines can be found here, along with details of how to submit a vulnerability report.
  • PayPal
    • PayPal's bug bounty guidelines can be found here, along with details of how to submit a bug report.
  • Twitter
    • Details of Twitter's bug bounty programme can be found on the company's HackerOne page, here. The page also includes a link for reporting bugs.
  • Yahoo!
    • Details of Yahoo!'s bug bounty programme can be found on the company's HackerOne page, here. The page also includes a link for reporting bugs.
Copyright © 2015 Virus Bulletin Ltd  -  Privacy statement | Terms and conditions | Cookie policy | PDA Version | Contact Us | current user: none (login | register)
This site uses cookies to store information on your computer. To find out more about our cookies and how to manage them, take a look at our Cookie Information page. By using our site, you agree to our use of cookies and our terms and conditions.

Click here to hide this box.
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%