<Not sure in which forum sub-section to post, so if necessary, please move the thread>
Hello!
Very rarely can I find malware samples that Norton products can't block/detect in a real-world environment, but when it is necessary to submit a sample to Symantec Security Response, it takes a VERY LONG time to get a response and much longer to see a signature update.
I have submitted a few samples more than a month ago using the regular Norton submission page and I still haven't received an answer. The samples were from real-world computers that run NIS 2010 and N360, and this worm was running there with no problems, infecting removable drives.
Unlike other vendors, the Norton and Symantec support are great. NPE, too, can detect everything that Norton or SEP misses (I myself couldn't find a sample that NPE missed after Norton). However, it would be great if Symantec Security Response (SSR) improves.
I must note that:
# I sometimes submit my samples using the Basic Maintenance support account from SEP and even they are very slow to respond.
# Symantec Security Response does act very promptly on FPs (good job)
# A year or so ago it wasn't like that. When I submitted samples, I once even got a definition in 6 hours. Now it can't even happen in 6 days.
I am sure Symantec Security Response is very overloaded with malware samples and other requests, but something should be changed regarding making the Lab faster to add new detection.
Sending Symantec samples via their submit site (which I have not used), they also use somewhat of a, ummmm, reputation system based on the email addresses submitting files.
Quads
Hello!
You either don't send them samples or you use another way. If there's such another way, would you mind sharing it?
As for the reputation system, I know they treat business customers with higher priority; I am aware of that. I am just saying that even if they treat critical business submissions differently, any other submission should also be treated fast (in my opinion). Typing "fast" doesn't necessarily mean rapidly, in 15 minutes (for example).
Fair enough comment. I have had mixed results. Sometimes I get a response in 24 - 72 hours, other times longer.
Tracking #15573647 - 11th May
Tracking #15570993 - 9th May
Sent these two, and I still do not know if they are threats or not, as I believe them to be. Have had no feedback other than being given my tracking numbers.
I do have one of them. It seems to be, if anything, a very minor risk. However, I do believe that it could be a risk of some kind, but I might be wrong. Which is why I wanted a response from Symantec. It came from a no-dvd patch (used because my optical drive packed up - has happened 3 times so far... quite an expensive habit that my pc has), and calls itself "winsystem.exe" - created a start-up item (or two, I can't rightly remember) and was supposedly running, but could not be seen in task manager. It was located in appdata\roaming\microsoft\windows\start menu\programs\startup\winsystem.exe (it also ran from there). I quarantined it manually with Norton, and it terminated the program and removed the start-up entries. If I open the no-dvd patch, it puts itself back in exactly the same manner. Sonar + Heuristics set to aggressive didn't see anything. So I don't know what it is. It just seems very suspicious, although I don't think that it is capable of much. I think threatexpert said it was something like... errmmm... winspy or something like that. I really don't remember. Anyway, I can send you the zip if you would like me to? I don't think it would be worth your time though :-) There are many more complex and nasty virii out there :-)
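The post above describes a file dropped into the per-user Startup folder that reappears after quarantine. For anyone wanting to check their own machine for that kind of persistence before submitting a sample, here is an added PowerShell triage script; it is not from the original thread or from any Symantec tool. It lists every item in the user's Startup folder and in the user and machine Run keys with a SHA-256 hash, so a suspicious entry can be spotted and its hash included with the submission. The "winsystem.exe" name is taken from the post only as an illustration of what the filter would flag; the output path `C:\Temp\startup-triage.csv` is an assumption.

```powershell
# Added example: enumerate user-level autostart locations and hash each file.
# Assumes Windows 7+ with PowerShell 4 or later (Get-FileHash).

function Get-StartupFolderItems {
    # The per-user Startup folder resolves to
    # %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    $startup = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -Path $startup -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [PSCustomObject]@{
                Source   = 'StartupFolder'
                Name     = $_.Name
                Path     = $_.FullName
                SHA256   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Modified = $_.LastWriteTime
            }
        }
}

function Get-RunKeyItems {
    # Run keys for the current user and the machine; values are command lines.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata
            # Strip quotes and arguments to recover the executable path.
            $exe = ($p.Value -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
            $hash = if (Test-Path $exe) {
                (Get-FileHash -Path $exe -Algorithm SHA256).Hash
            } else { 'FILE NOT FOUND' }
            [PSCustomObject]@{
                Source   = $key
                Name     = $p.Name
                Path     = $p.Value
                SHA256   = $hash
                Modified = if (Test-Path $exe) { (Get-Item $exe).LastWriteTime } else { $null }
            }
        }
    }
}

# Collect everything, flag entries whose file name does not match a
# known-good list, and save the result for inclusion in a sample submission.
$items = @(Get-StartupFolderItems) + @(Get-RunKeyItems)
$items | Format-Table -AutoSize

# Example filter: the file name reported in the thread ("winsystem.exe").
$items | Where-Object { $_.Path -match 'winsystem\.exe' } |
    ForEach-Object { Write-Warning "Suspicious autostart entry: $($_.Path) SHA256=$($_.SHA256)" }

$items | Export-Csv -Path 'C:\Temp\startup-triage.csv' -NoTypeInformation
```

Run it from a normal PowerShell prompt; reading HKLM\...\Run does not need elevation. A file that is "running but not visible in Task Manager" is worth re-checking with `Get-Process | Where-Object Path -like '*winsystem*'`, since Task Manager hides nothing that `Get-Process` cannot list.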
None of the files I got, and ran or opened were malicious, in terms of being a Trojan, Worm, Virus, Rootkit, Rogue etc installer. I didn't get the "winsystem.exe" file created from running the "rld-bbc2.exe".
But the file in that location could be a new variant of "W32.Agobot", "W32/Whitebait.gen@MM" or "W32.Muldrop".
Now to the files I received: the files are used to crack the game Battlefield Bad Company 2. Four of the files are used after the game installation to replace the original .exe and files in the install directory so the game becomes cracked and thus can be played for free.