Kansas State University


IT News

Submitting malware samples for analysis helps improve Trend Micro

In order to escape detection by antivirus software, hackers are constantly altering the malware they proliferate through malicious e-mail attachments, web links, USB flash drives, and a variety of other means. Estimates of new malware produced every day are as high as 50,000, which makes it impossible for pattern-based antivirus software to keep up and detect every single one.

That is not to say antivirus has no value — Trend Micro antivirus has detected more than 73,000 instances of malware since Jan. 1. In fact, in one recent report, Trend Micro security software was rated the most effective tool for catching malware among evaluated consumer-grade antivirus products, so Trend Micro OfficeScan is doing its job. The point is antivirus software cannot catch all malware, so K-Staters are potentially vulnerable to new malware when it first arrives.

One way K-Staters can help is to submit new malware to Trend Micro for analysis, so its characteristics can be added to the pattern files used by OfficeScan to detect and delete malware. To make this easier for K-Staters, the IT security team developed the “Malicious Software Reporting Tool,” where suspicious files can be uploaded and described.

Once uploaded, the security team will perform a preliminary analysis and then submit the files to Trend Micro researchers. Since K-State has a support contract with Trend Micro, our submissions get priority and a solution is typically provided within two hours.

Since working with malicious files is a bit like playing with a loaded gun, people who are not confident in their ability to safely submit the files should ask their IT support person or the IT Help Desk for assistance. If you are confident, then submit as quickly as possible any suspicious files received in an e-mail attachment or discovered on a USB flash drive or infected computer. The sooner they are submitted to Trend Micro, the sooner the spread of the malware will be contained. By the way, saving an attachment is safe as long as you don’t try to open it.

If you are not sure whether a file is malicious, VirusTotal can help, since it analyzes the file with 41 different antivirus products, including Trend Micro. Usually a few of those antivirus products recognize the file as malicious, making it all the more urgent to get it submitted to Trend Micro.

About Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer