Last week a customer emailed me about an item he had read in that edition of our #AxisOfEasy newsletter. He mentioned that he had received an obviously malware email with a .iso file in the attachment and he was wondering what to do with it. Not in terms of “how can I infect my computer with it?” but rather, “where can I send it for analysis?”
He had found via web search a company that encouraged him to forward suspicious files to them but he was asking me if I had heard of them, were they reputable, that sort of thing.
I hadn’t heard of them, but for the record it was this outfit.
But it’s a good question and one I thought I’d quickly cover here for future reference.
Obviously, when you come across a suspicious file (like any executable attached to an email, .zip, .iso, .exe, etc), don’t open the attachment and don’t attempt to run it. The easiest thing is to just delete the email.
But if you know how to detach an attachment and save it without running it, you could then upload it to various online communities that will run multiple virus scanners on it (I always find it interesting how the hits on a file can vary across different scanners).
These sites typically act as hubs for the security community so that you have many sets of eyes looking at the results from these various files being fed into them. This way new malware variants can be detected and the persistence or resurgence of older ones can be measured.
Some sites where you can upload individual files, or even have remote URLs such as ones you may find spamvertised in your emails, include:
There are many of these, security researcher Lenny Zeltser maintains a list here
Before you upload anything to these sites, be aware that:
- In many cases the wider security community gains access to the files you upload. For example, paid users of VirusTotal can download any file uploaded to the system.
- Therefore, don’t upload any files that may contain personally identifiable information.
- Finally, if an online scanner doesn’t find anything wrong with a file, that’s no guarantee that it’s safe! You still need to exercise caution if you are suspicious of a file for any reason.