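Two days ago I submitted a few samples to McAfee WebImmune.
Previously there was only a preliminary automated-analysis reply (the server side uses the beta DAT).
It looked like this:
AVERT Labs - Beaverton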
Current Scan Engine Version:5300.2777
Current DAT Version:5507.0000
Thank you for your submission.
Analysis ID: 5097345
Name Findings Detection Type Extra
admin35.exe inconclusive no
inconclusive [ admin35.exe ]
Upon analysis the file submitted does not appear to contain one of the 200,000 known threats in the AutoImmune database. The file may contain a new threat, or no code capable of being infected. Your submission is being forwarded to an Avert Labs Researcher for further analysis. You will be contacted by AVERT through e-mail with the results of that analysis.
Regards,
McAfee AVERT tm
A division of McAfee, Inc
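After 2 or 3 days, I received another e-mail from McAfee Avert Labs with the subject "Escalation: (submission number)", and the sample had already been added to the signature database (you will not receive an Extra.dat).
The content is as follows: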
Avert™ Sample Analysis
McAfee Avert™ Labs, Automation
Thank you for submitting your suspicious file(s). We have determined that the following submissions are handled by our AV signature DAT files.
Analysis Id: 5097345
--------------------
File Name Findings Detection Type
========= ======== ========= ====
admin35.exe detected generic backdoor trojan
DAT version 5509 provides cover against all of the submissions shown above.
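... (omitted)
I have already received several e-mails like this, which proves that submitted samples now get a second analysis and a reply!!
PS. One archive may contain only one sample, otherwise you will not receive the second reply e-mail!
Finally, here are McAfee's submission website and mailbox for everyone (the archive must be encrypted with the password: infected) (and the archive must be in zip format only):
1. Web submission: https://www.webimmune.net/default.asp (registration required first, but the first reply is fast, about 3~5 minutes; I always use the first method)
2. E-mail submission: virus_research@avertlabs.com (no registration required, but the first reply is slower, about one day)
Please, everyone, submit more samples to McAfee so that the detection rate improves. Thank you all!!
[ This post was last edited by sun88990 on 2009-1-29 10:51 ]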