
Best place to submit a new threat?


5aLIVE
October 21st, 2009, 02:34
I was looking through someone's photos on an ImageShack account and one of those rogue anti-malware scanner pages loaded up and attempted to automatically download a setup file which I'm sure won't be what it claims it is.

My guess is that it is a simple client that will download something far nastier given the chance.

Neither my firewall nor my AV blinked an eye at this, which is worrying.
I've attached the URL and the suspect setup file (which I haven't run) in case anyone would like a look.

I also wanted to ask if there was a particular security site or repository that all the AV and firewall vendors use to tackle new threats found in the wild?

Thanks for reading.

Password is 'malware'.

UPDATE: NOD32 now detects it as a variant of the Win32/Kryptic.AMH trojan.

Silkut
October 21st, 2009, 16:59
Yep, rogue anti-malware app that downloads a payload from a Turkish website. Drops two *.tmp.exe files, one is a rogue Windows XP Security Center. While scanning your computer, the rogue anti-malware app `finds` a large list of false positive files (harmless, mainly exe, dll and ocx) dropped into windows/system32. I suspect it does the drop job itself.

EDIT: hmm yeap

http://i35.tinypic.com/xgiqa9.png

http://i35.tinypic.com/vxgpq0.png

EDIT2: As for your question, I'm not aware of sites where you can upload a suspicious file for the entire AV community, but some AV sites allow you to send them samples.

5aLIVE
October 22nd, 2009, 14:56
Thank you very much for taking a look at this, you have confirmed my suspicions. This is the first time in a long while that I have come across a malware nasty that got past my security software.

disavowed
October 23rd, 2009, 16:28
Quote (originally posted by 5aLIVE):
I also wanted to ask if there was a particular security site or repository that all the AV and firewall vendors use to tackle new threats found in the wild?


Yes there is, but there's no public access to it; you have to be a vetted member of the industry.

You're best off submitting the sample to your AV/FW vendor through their submission mechanism. Almost every vendor has an online web form (such as https://www.microsoft.com/Security/portal/Submission/Submit.aspx) or an e-mail address to submit new samples. Look around on the vendor's webpage to find it.

CyberSorcerer
October 23rd, 2009, 23:10
This particular setup.exe is already being detected by 50% of AV companies, so more than likely the AV you're using is already aware of it.

bilbo
October 23rd, 2009, 23:40
In fact 21 of 41 tested antivirus engines were reporting it as of yesterday:
https://www.virustotal.com/analisis/89210d942c2e34bcb87dc90d4e3a5f0c40c11f626aaa54ca65c0b6426d925cf2-1256300301

5aLIVE
October 24th, 2009, 03:06
Thanks for the replies.

@disavowed, I thought that this type of thing would be restricted to security pros only. I'll send any further threats I find to Eset and Agnitum in the future should the need arise.

@CyberSorcerer/bilbo, my AV didn't detect the file in the morning when I found it, but was able to catch it in the afternoon.
Positive proof that your defence is only as good as your latest update.

schizim
October 26th, 2009, 20:15
Because it can be a pain to find an email address to send samples to on some of the AV companies' websites, here is a list I have and use, in case it is of use to someone out there.

AhnLab-V3 - samples@ahnlab.com;
AntiVir - virus@avira.com;
Antiy-AVL - submit@virusview.net;
Arcabit - virus@arcabit.com;
Authentium - virus@authentium.com;
Avast - virus@avast.com;
AVG - virus@avg.com;
BitDefender - EMsamples@bitdefender.com;
CAT-QuickHeal - viruslab@quickheal.com;
DrWeb - vms@drweb.com;
eSafe - virus@esafe.com; esafe.virus@eAladdin.com;
eTrust-Vet - virus@ca.com;
Ewido - submit@ewido.net;
FileAdvisor - submitvirus@fortinet.com;
Fortinet - submitvirus@fortinet.com;
Ikarus - samples@ikarus.at;
Immunet - submit@samples.immunet.com;
K7AntiVirus - k7viruslab@k7computing.com;
Kaspersky - newvirus@kaspersky.com;
McAfee - virus_research@avertlabs.com;
NOD32v2 - samples@eset.sk;
NOD32 - samples@eset.sk;
Norman - analysis@norman.no;
Panda - virussamples@pandasecurity.com;
Sophos - samples@sophos.com;
TheHacker - virus@hacksoft.com.pe;
VBA32 - newvirus@anti-virus.by;
VirusBuster - virus@vbuster.hu;

- Cheers

disavowed
October 27th, 2009, 19:19
You can add to that list:
Microsoft - avsubmit@submit.microsoft.com;
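Schizim's list (and disavowed's addition) is in a simple "Vendor - address;" format, but several products share one submission address, one vendor lists two, and forum rendering can repeat an address in parentheses. The added Python below (not code from the thread or from any vendor) parses such a list into one-send-per-address form and produces the hashes a vendor reply or a VirusTotal report can be matched against; the embedded list excerpt is constructed from the thread's format, and the MZ-header check is an assumption that a "setup" file should be a Windows PE.

```python
import hashlib
import re
from collections import defaultdict

# Constructed excerpt mimicking the thread's "Vendor - address;" lines,
# including shared addresses and one address repeated in parentheses.
VENDOR_LIST = """\
eSafe - virus@esafe.com; esafe.virus@eAladdin.com;
FileAdvisor - submitvirus@fortinet.com;
Fortinet - submitvirus@fortinet.com;
NOD32v2 - samples@eset.sk;
NOD32 - samples@eset.sk;
Kaspersky - newvirus@kaspersky.com;
Microsoft - avsubmit@submit.microsoft.com ("avsubmit@submit.microsoft.com");
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def parse_vendor_list(text):
    """Map each submission address (lower-cased) to the vendors that use it,
    so a sample is mailed once per address rather than once per product."""
    by_address = defaultdict(list)
    for line in text.splitlines():
        if " - " not in line:
            continue  # skip blank or non-list lines such as "- Cheers"
        vendor, rest = line.split(" - ", 1)
        vendor = vendor.strip()
        for addr in EMAIL_RE.findall(rest):
            addr = addr.lower()
            if vendor not in by_address[addr]:
                by_address[addr].append(vendor)
    return dict(by_address)


def sample_fingerprint(data):
    """Hashes to quote in a submission or look up on VirusTotal (the thread's
    report URL keys on SHA-256), plus a check that a file claiming to be a
    setup.exe at least starts with the PE 'MZ' header (assumption)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "looks_like_pe": data[:2] == b"MZ",
    }


if __name__ == "__main__":
    for addr, vendors in sorted(parse_vendor_list(VENDOR_LIST).items()):
        print(f"{addr}: {', '.join(vendors)}")
    print(sample_fingerprint(b"MZ" + b"\x00" * 10))
```

The hashes are computed on the raw file, not on the password-protected archive (the thread's convention uses the password 'malware'), so they stay comparable with what the vendor or VirusTotal reports.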

Silkut
December 2nd, 2009, 17:45
If I may update this thread, I'd add two more links for malware submission. For the record.
F-Prot - http://www.f-prot.com/virusinfo/submission_form.html
F-Secure - http://www.f-secure.com/en_UK/security/security-lab/submit-samples/

vect0r
December 7th, 2009, 17:10
I also thought submission to VirusTotal et al, automatically forwards a sample to AV companies?

Silkut
December 7th, 2009, 18:20
Yes sir!

Quote:
Collection and use of submitted samples and personal information
When you submit a sample file to VirusTotal for scanning, we may store it and share it with anti-malware and security companies (normally the companies participating in VirusTotal receive the samples catalogued as malware that their engines do not detect). The samples can be analysed by automatic tools and security analysts to detect malicious code and to improve anti-virus engines.

Your personal data may also be anonymised and used for statistical purposes.


http://www.virustotal.com/privacy.html