Fighting malware and spam

Cybercrime links and resources

By type

Illegal and Offensive content

  National hotlines

National hotlines are available in many parts of the world for the reporting of any potentially illegal content or activity on the internet.

Inhope provides links to a number of regional reporting hotlines around the world, here.

Malicious software and spyware

The best place to report incidents of malware and spyware is to your security software provider. In cases where cleaning/removal of infections is unsuccessful, technical support pages should be checked for further information and the technical support department of your security provider contacted for further assistance if required.

Many products are able to automatically send details of detections, often including samples of malware or suspected malware, to research labs as they are detected, for further analysis and statistical information. We would encourage all users to activate such functionality where possible, to help provide best-possible protection for other users and to ensure security experts are able to monitor potential major outbreaks.

In some cases it may be preferable to send samples manually, for example via email. We strongly advise against sending viruses via email in unencrypted form - password-protected archives are generally acceptable and PGP-style encryption techniques are even safer. Individual firms have their own requirements and advice on how to submit samples. The following list provides malware submission details for most of the major anti-malware firms.

• Agnitum (Outpost)

A web form is provided to upload suspected malware samples and false positives, here.

• AhnLab (V3Net)

An online sample-submission system is provided here.

• Aladdin (eSafe)

A web form is provided for technical support contacts and sample submission here. eSafe customers only, requires login, works with Internet Explorer only.

• Alwil (Avast!)

A web form is provided for users to report incidents of infection for statistical analysis purposes here. Virus sample submissions can be made via email to virus@avast.com.

• Authentium (Command)

Details of preferred submission methods, including PGP key for secure transfer, are provided here.

• Avira (AntiVir)

The company provides an email address for sample submissions, virus@avira.com, and recommends that samples are sent as password-protected archives. Details of submission requirements are here.

• AVG

The company provides an email address for sample submissions, virus@avg.com, and recommends that samples are sent as password-protected archives.

• Bullguard

The company provides an email address for sample submissions: infection@bullguard.com.

• CA (eTrust, CA Anti-Virus)

An online submission form is provided here, with advice on what to send and how to send it here.

• Central Command (Vexira)

Samples can be sent by email to virus@centralcommand.com.

• Dr.Web

An email address is provided for sample submissions: vms@drweb.com.

• ESET (NOD32)

The company provides an email address for sample submissions, samples@eset.com, and recommends using archives protected with the password 'infected' and providing details about the file in question. Instructions are here.

The company is also interested in receiving samples of phishing emails at the same address, details of what information is required are here.

• eEye Digital Security (Blink)

eEye accepts samples via its support system (for paying users) or by email (in password-protected archives) at malware@eeye.com.

• Frisk (F-PROT)

An online form is provided for submission of suspicious files, here. A PGP key is provided for secure transfer, here.

• F-Secure

Advice on useful steps to take prior to submitting samples can be found here. A sample submission system - for the submission of samples including malware, false positives, pages for parental filtering and spam/phishing emails - can be found here.

• Fortinet (FortiClient)

Samples can be submitted via an online scanner system here, or manually by email. Full instructions are here.

• Hauri (ViRobot)

An online reporting system is operated for the reporting of suspected malware here.

• Kaspersky Labs

The company provides an email address for the submission of suspected malware samples: newvirus@kaspersky.com.

• K7 Computing

Samples can be sent (ideally in password-protected zips) to k7viruslab@k7computing.com.

• Lavasoft (AdAware)

Sample submissions are accepted via an online form here. Alternatively, samples can be emailed to research@lavasoft.com.

• McAfee

Sample submissions should be made via the Avert Labs WebImmune website here (free user registration is required). Alternatively, samples can be emailed to Virus_Research@avertlabs.com.

• Microsoft (OneCare, Forefront)

Microsoft offers a malware-submission system as part of its security portal, here.

• Microworld (eScan)

The company's support department can be contacted at support@mwti.net for details of how to submit suspect files.

• Norman

Suspect files can be submitted to Norman's SandBox system for automated analysis. The upload page is here. Files that are thought to be false positive detections from Norman's products can be submitted here.

• PC Tools (Spyware Doctor)

An online submission system is provided, here.

• Quick Heal

The company provides an email address for sample submissions: viruslab@quickheal.com.

• Rising

An online form for submitting suspect samples is provided here (maximum file size 5MB).

• Sophos

Suspect files can be submitted via email or through an online system, details and links for doing so are here. Mislabelled spam or non-spam messages can also be reported, instructions are here.

• Sunbelt Software (Vipre/CounterSpy)

An online submission system for unrecognized or problematic malware is provided here, with a separate system for submitting suspected false positives here.

• Symantec (Norton)

Symantec provides details of how to submit suspect or problematic samples, depending on type of user and product, here.

• Trend Micro

Trend Micro provides a set of contact options for sample submission, with faster response times assured for paying users of its support services. The various methods can be accessed here.

• VirusBlokAda (VBA32)

Samples can be sent to newvirus@anti-virus.by.

• VirusBuster

Samples can be submitted to VirusBuster's labs for analysis using the company's support system, which can be accessed from here.

Phishing

  General

• APWG

The Anti-Phishing Working Group (APWG), a global volunteer organization dedicated to combating phishing, offers an email address for reporting phishing scams, reportphishing@antiphishing.org, with more details on the organization's site here.

• PhishTank

PhishTank, another project maintained by free software developer OpenDNS, also accepts details of suspected phishing websites here.

  Financial institutions

Phishing attacks targeting banks, building societies, credit unions or other financial institutions should be reported directly to the institution in question. Websites hosting phishing attacks should be reported to ISPs. Victims of identity theft and fraud should also report to local police.

The following is a list of some of the major online shopping sites and providers of financial services and their phishing/spam contact information:

• Amazon

Forward suspected phishing emails or send details to stop-spoofing@amazon.com.

• eBay

Email details to spoof@ebay.com (or your local version, e.g. spoof@ebay.co.uk).

• PayPal

Email details to spoof@paypal.com (or your local version, e.g. spoof@paypal.co.uk).

• Western Union

Email details to spoof@westernunion.com.

Most other online stores and banks will provide contacts for reporting suspected phishing, theft or other forms of cybercrime. These are usually displayed on the appropriate website.

  Agencies

• US-CERT

Email details to phishing-report@us-cert.gov. Information on what data to include can be found here.

  Specialist anti-phishing companies

• Fraudwatch International

Fraudwatch International is an Australian company that combines education, monitoring and detection services, as well as preventative software solutions for consumers and corporate clients. The company's website lists the latest phishing alerts both by date and by company targeted as well as offering an alert service via email and RSS feeds. Phishing and other online fraud and scams can be reported by emailing scams@fraudwatchinternational.com.

Vulnerabilities

In general, researchers discovering vulnerabilities in software products can report them directly to the developers of the software. Local CERTs generally provide reporting systems for software vulnerabilities. Several specialized firms also provide reporting services, often including verification of claims and rapid trusted reporting systems.

• iDefense

iDefense runs a Vulnerability Contributor Program here, to which researchers can submit new vulnerabilities. A list of public vulnerability advisories is provided here.

• Secunia

Secunia provides a database of vulnerability advisories here.

• Tipping Point Zero Day Initiative

The Zero Day Initiative (ZDI), founded by TippingPoint, is a programme for 'rewarding security researchers for responsibly disclosing vulnerabilities'. Details can be found here.

• US-CERT

Email details to cert@cert.org (cc to soc@us-cert.gov).

  Developers

Many major development houses provide their own reporting systems for vulnerabilities and abuse, details should be provided by individual companies but a few of the most significant firms are listed below.

• Microsoft

Microsoft provides details of how to submit information relating to security vulnerabilities in its products and services here.

• Google

Google provides information on how to submit security incidents involving its products and services here, requesting reports to be sent to security@google.com.

• Adobe

Adobe provides a form for reporting security issues associated with its products. Details of how to use the form, and a link to the form itself are here.