Skip to end of metadata
Go to start of metadata

Alerts

No Alerts at this time.

E-mail: security@lbl.gov

How to Handle Suspected Malware

Overview

This document describes how to handle suspected malware that is not detected by current virus definitions. Malware not detected by Anti-virus definitions is commonly referred to as 0-day malware or 0-day viruses. It is important to submit 0-day malware to Anti-virus vendors so they can create a definition capable of detecting the malware. This document outlines ideas for detecting 0-day malware as well as Anti-virus vendor submission procedures.

How to Identify Suspected Malware

Modern malware is very sophisticated and stealthy. There is no guarantee it can be detected. Once you have identified a suspicious file, the below outlines options for assisting you in determining if the file is malware.

  • Submit the suspect file to Virustotal

    Virustotal is an online service that scans suspected files using 32 different Anti-virus vendors. The detection rate and definitions vary widely between vendors. Many times, a few virus vendors are ahead of the rest in detection. Virustotal helps you to leverage the detection capabilities of all the Anti-virus vendors.

  • Contact Cyber Security for assistance at security@lbl.gov
    The Cyber Security team has several resources, such as a virtual environment where we can run the suspected malware and observe its behavior for identifying suspected malware as well as access to technical experts to assist in identification.

Submitting Malware

The lab uses three Anti-virus vendors, Sophos, ClamAV,  and Symantec.  The Lab is currently evaluating Trend, Vipre, and Kapersky and the future antivirus products.

If you come across of piece of malware that is not detected by our virus vendors, please submit it to our Anti-virus vendors. Once submitted, the Anti-virus vendors create definitions to protect other computers. Below are the malware submission procedures for each of our vendors.

Current vendors
Candidate vendors

Help / Feedback

If you have questions or comments about this website, please contact Cyber Security via email at security@lbl.gov.

If you need general computer assistance, please contact the LBNL Help Desk at x4357, help@lbl.gov, or online at help.lbl.gov.