VCC - Virus Control Center: a home-grown helpdesk application to efficiently handle the never-ending flood of malware

Oliver Auerbach, Cosmin Ancuta and Robert Harja Avira

  Corporate stream: Thursday 2 October 2008, 11:20 - 12:00.

In January 2008 Av-Test.org published statistics about the rapid increase in the volume of new malware. In particular, the report states that more than 10,000 different malware files appeared every day in the previous year and the outlook for the current year does not look any better. Avira's own statistics don't look any different from this, apart from the fact that many of the files belong to the same family and do not differ significantly from a functionality point of view.

Malware analysts have started to add sophisticated family-level detection to their products instead of detection for individual variants, in order to increase proactive detection and make it harder for the bad guys to release new, not-yet-detected variants. As a result of these generic detection routines the number of individual samples that need to be analysed is much lower, and the side effect is a reduced workload.

The addition of generic detection routines does not, by itself, reduce the number of file submissions or other malware-related support incidents. In fact, the use of malware to steal money and the growing number of inexperienced computer users have led to an explosion of malware-related customer incidents. Processing large numbers of requests with labs in different time zones and countries that serve customers all around the world, who all expect an answer immediately, is proving to be a significant challenge. On top of that, prioritization, de-duplication, outbreak detection and outbreak handling must all be taken into consideration.

This paper describes how to handle the never-ending flood of requests appropriately using an internally developed tool called VCC - Virus Control Center. The application is far more than a customized helpdesk application mediating between customers and researchers. The main purpose of the VCC is to handle de-duplication and the assignment of jobs to analysts according to their priority and relevance, while not losing related information and files on the way. In simple terms, it is the virus lab's heart in terms of daily sample processing and customer interaction.
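The abstract names three things such an intake system has to do at once: de-duplicate submissions by file identity, prioritize the resulting jobs for analysts, and keep every customer ticket linked to the sample so that nothing is lost when a duplicate is folded into an existing job. The following Python sketch is an added illustration of that workflow and is not code from the VCC or from Avira; the priority weights, the outbreak threshold and the sample submissions are all constructed assumptions. It hashes each submission, merges repeat submissions into the first job for that hash, raises the job's priority as more distinct reporters appear, and flags a hash as a probable outbreak once enough independent customers have sent it.

```python
import hashlib
import heapq
import itertools
from dataclasses import dataclass, field

# Hypothetical priority weights (assumed for this example, not from the paper).
SOURCE_WEIGHT = {"partner": 30, "customer": 20, "honeypot": 10}
TIER_WEIGHT = {"enterprise": 15, "consumer": 5}
OUTBREAK_THRESHOLD = 3   # distinct reporters of one hash before it is flagged
OUTBREAK_BONUS = 50      # extra priority once a hash is flagged as an outbreak


@dataclass
class Job:
    sha256: str
    first_ticket: str                              # ticket that first brought the sample in
    base: int = 0                                  # best (source, tier) weight seen so far
    reporters: set = field(default_factory=set)    # distinct customers who sent this hash
    tickets: list = field(default_factory=list)    # every ticket linked to this sample
    done: bool = False

    @property
    def outbreak(self) -> bool:
        return len(self.reporters) >= OUTBREAK_THRESHOLD

    @property
    def priority(self) -> int:
        # Each additional independent reporter bumps the job; an outbreak bumps it hard.
        bonus = OUTBREAK_BONUS if self.outbreak else 0
        return self.base + 10 * (len(self.reporters) - 1) + bonus


class Intake:
    """De-duplicating, priority-ordered sample queue (constructed example)."""

    def __init__(self):
        self.jobs = {}                 # sha256 -> Job
        self._heap = []                # (-priority, seq, sha256); seq keeps FIFO among equals
        self._seq = itertools.count()

    def submit(self, ticket_id, customer, tier, source, content: bytes):
        """Register a submission; returns (job, is_duplicate)."""
        digest = hashlib.sha256(content).hexdigest()
        job = self.jobs.get(digest)
        duplicate = job is not None
        if not duplicate:
            job = Job(sha256=digest, first_ticket=ticket_id)
            self.jobs[digest] = job
        # A duplicate is never dropped: the ticket and reporter are attached to the
        # existing job so the customer still gets answered from one analysis.
        job.reporters.add(customer)
        job.tickets.append(ticket_id)
        job.base = max(job.base, SOURCE_WEIGHT[source] + TIER_WEIGHT[tier])
        if not job.done:
            # Re-push with the current priority; stale entries are skipped on pop.
            heapq.heappush(self._heap, (-job.priority, next(self._seq), digest))
        return job, duplicate

    def next_job(self):
        """Hand the highest-priority open job to an analyst; None if nothing is open."""
        while self._heap:
            neg_prio, _, digest = heapq.heappop(self._heap)
            job = self.jobs[digest]
            if job.done or -neg_prio != job.priority:
                continue   # already assigned, or superseded by a higher-priority entry
            job.done = True
            return job
        return None


# Constructed sample contents (plain text, not malware) standing in for submitted files.
SAMPLE_A = b"constructed sample A"
SAMPLE_B = b"constructed sample B"
SAMPLE_C = b"constructed sample C"


def demo():
    """Five constructed tickets; returns the order in which analysts receive jobs."""
    q = Intake()
    q.submit("T-1", "acme", "enterprise", "customer", SAMPLE_A)   # base 35
    q.submit("T-2", "bob", "consumer", "honeypot", SAMPLE_B)       # base 15
    q.submit("T-3", "carol", "consumer", "customer", SAMPLE_C)     # base 25
    q.submit("T-4", "dave", "consumer", "customer", SAMPLE_C)      # duplicate, 2 reporters
    q.submit("T-5", "erin", "consumer", "customer", SAMPLE_C)      # duplicate, 3 reporters -> outbreak
    order = []
    while (job := q.next_job()) is not None:
        order.append((job.first_ticket, job.priority, job.outbreak, len(job.tickets)))
    return order


if __name__ == "__main__":
    for first_ticket, prio, outbreak, n in demo():
        print(f"{first_ticket}: priority={prio} outbreak={outbreak} linked_tickets={n}")
```

Running `demo()` assigns the SAMPLE_C job first even though its first ticket came from a low-tier consumer, because three independent reports of the same hash outweigh a single enterprise submission; the three tickets stay attached to that one job, so each of the three customers can be answered from a single analysis. The lazy-deletion heap (re-push on every priority change, skip stale entries on pop) is what lets de-duplication and re-prioritization share one queue without rebuilding it.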
