Malwarebytes Wants You! In The Fight Against Malware!

Malwarebytes was born out of the malware fighting community. I am not just talking about antivirus vendors and experts, but also about everyday people who wanted to take a stand against malware and help other people fight it too. It is because of that origin that we not only try to give back to the community as much as possible but also depend on the community to help us in the fight against malware. This blog post is about how YOU can help us out in the fight. It also gives you some insight into our processes and into how you can use Malwarebytes Anti-Malware to its fullest potential and help your friends and family do the same.

Our Process

In order for us to protect our customers from the latest threats, we have to constantly update our central database with new detection definitions and pass them down to each Malwarebytes Anti-Malware client.  Every single day, our researchers write new definitions based upon the malware they are able to collect and analyze.

The malware collected comes from multiple sources, whether that be collecting malware from websites that share our passion or our own collection efforts.  One of the other sources we tap for new malware is our community. We have a great community of malware fighters who submit new and unique malware samples to us every single day and are an invaluable resource in the fight against malicious software.

Submissions

If you are wondering where you might fit into this process, it would be in sending in malware samples to our researchers.  Do you need to be a malware expert to do this? No. Do you need to have a heavy technical background? No.  All you need is the drive to find new and interesting malware that we don’t currently detect and an account on our forums so you can submit what you find.  Here is how:

1. After you have an account, direct yourself to our Research Center Forums. There are two of them:

  • New Rogue Threats – You would post Rogue Antivirus programs here.
  • New Malware Threats – You would post all other types of malware here

2. Read the forum thread about what the purpose of the forum is. It is the first thread and should have the smiling face of our President and CEO Marcin Kleczynski on the first post. He asks that you not only scan the file with Malwarebytes Anti-Malware to confirm that we don’t already detect it, but also run any files you intend to submit through the following malware scanning services and provide the report(s) along with your initial post.

3. Below the post from Marcin are directions from our Director of Research, Mieke Verburgh.  She provides a template to use when giving information about the sample you are submitting.  The template looks like this:

Topic Title Field: name of the sample(s)
 You can use the Topic description field as well if you have multiple samples.
Content of post:
samplename : MD5 hash - url to Virustotalreport
samplename : MD5 hash - url to Virustotalreport
samplename : MD5 hash - url to Virustotalreport
....
* Attachment = the sample(s)+URL(s) to the sample (if available).
 If you want, you can zip the text file of URL(s) and add as a second attachment in your post, your choice.

Submission Tip: If you can’t obtain the MD5 hash on your own, don’t worry. When you send the file through an online scanner, such as VirusTotal, it should provide that value for you.

4. Next, you need to go back to the listing for the “Newest XXXXX Threats” forum and click the “Start New Topic” button on the top right.

5. You will be directed to a page where you can fill out and submit your malware sample.  In addition to any scan reports you decide to include in your post, by following the template above and inputting the necessary information, you should end up with something like this:

Submission Tip: You can also use this area to input any useful information about the file, such as where you obtained it from and/or which directory you found it in when the file was discovered.  Anything that can help us stop this malware and other malware like it from spreading to any more victims is helpful and we greatly appreciate it.

6. Your next step would be to double check that you have uploaded the file and click the “Post New Topic” button.

Congratulations! You just took a stand in the fight against malware, thank you! You should see a response from one of our researchers shortly, thanking you for your submission or asking for any further information they may require.
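
The template from step 3 can be filled in with a short script. The following is an added example, not a Malwarebytes tool: it hashes every file in a folder and prints the topic title and post body in the template's format. The function names and the VirusTotal report URL pattern are assumptions; the page only asks for a "url to Virustotalreport".

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: VirusTotal report URL pattern (not given on the page).
VT_REPORT_URL = "https://www.virustotal.com/gui/file/{digest}"


def md5_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks; the sample is only read as bytes, never run."""
    # MD5 is used as an identifier here, so flag it as non-security use
    # (this keeps the call working on FIPS-restricted Python builds).
    digest = hashlib.md5(usedforsecurity=False)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_post(sample_dir):
    """Return (topic_title, post_body) following the submission template."""
    seen = {}  # MD5 -> first file name seen with that content
    for path in sorted(Path(sample_dir).iterdir()):
        if path.is_file():
            # Byte-identical copies under other names are one sample.
            seen.setdefault(md5_of_file(path), path.name)
    if not seen:
        raise ValueError(f"no sample files found in {sample_dir}")
    body = "\n".join(
        f"{name} : {digest} - {VT_REPORT_URL.format(digest=digest)}"
        for digest, name in seen.items()
    )
    return ", ".join(seen.values()), body


if __name__ == "__main__":
    # Constructed, harmless stand-ins for real samples.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "sample_a.bin").write_bytes(b"hello")
        Path(tmp, "sample_b.bin").write_bytes(b"hello")  # duplicate content
        Path(tmp, "sample_c.bin").write_bytes(b"world")
        title, body = build_post(tmp)
        print("Topic Title Field:", title)
        print("Content of post:")
        print(body)
```

A report link only resolves once the file has actually been sent through the scanning service, so check each URL before posting.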

Malware Hunters

With all the samples coming in from contributing users, how do we narrow down the number of samples to only the most time-sensitive and unique ones? The ones which are the most important for us to be able to detect and remove right away? Enter the “Malware Hunters” group.

The Malware Hunters group consists of individuals who have contributed the highest amount of unique and critical files to our efforts and generally are the best at fighting and discovering malware.  There are some perks to being a Malware Hunter as well:

  • The ability to download samples from our forum to study.
  • Submitted samples are looked at with a higher priority than those from Non-Malware Hunters.
  • Access to tools which make submissions even more efficient.
  • A spiffy title on the forums.

To become a Malware Hunter, a user must be invited by the Malwarebytes staff, and in order for that to happen, they must do the following:

  • Contribute unique and interesting samples frequently.
  • Contribute verified malware samples frequently, not just false-positives.
  • Have a dedication to fighting malware that stands out and gets our attention.

It is not an impossible title to obtain. However, the fight against malware is not easy and requires a lot of time, effort, education and a passion for making everything from a single computer to the entire internet safer for everyone.

Effectiveness

So you might not be cut out for finding new malware to submit to our researchers, but you still want to do something to help the fight.  You should remember that the fight against malware starts with every single user and how they keep themselves safe below the level of calling tech support.

Updates

I think a lot of people, who are not very familiar with fighting malware, believe that if you install an Anti-Malware solution then you will never need to update it and will be safe forever.  The truth is that new malware is always being developed and unleashed upon the masses.  Sometimes the malware itself is not new but the way in which it conducts its operations is slightly different, enough so to evade previously developed definitions; we call these slightly different types of malware “Variants.”

Here is an example of what might happen when not frequently updating your definitions:

User A has been using Malwarebytes Anti-Malware for a while now and even though he sees the pop-ups which inform him that his database is outdated, he ignores them because it seems like something he could probably put off.

User A figures that he is protected, so he doesn’t think twice about loading up a program he downloaded off of a shady website which popped up yesterday.

As it turns out the program had Ransomware malware hidden within it and now he cannot access his files.

User A then calls up User B, who is into computer security, and asks for her help.

User B knows that User A is using Malwarebytes Anti-Malware and searches our forums for some help on fighting Ransomware.  She finds a thread which gives a walkthrough and talks User A through how to reboot his computer in safe mode and run a scan with his instance of Malwarebytes Anti-Malware.

User A reports that it didn’t detect anything and begins to have a panic attack.

User B asks if User A had updated his definitions recently. User A replies that it has been a little while, about a year or so.

User B stares at the phone headset and sighs. She then tells User A to update his definitions and run the scan again.

User A does so and the Ransomware is detected! It is removed and he once again has access to his files.

So you see, sometimes the best way to protect yourself from new malware is to simply update your Anti-Malware/antivirus definitions regularly, otherwise you might end up being a User A.  This same advice is helpful for any friends or family you have that might be in trouble with some malware and aren’t as proficient as you are at getting rid of it.

Being Suspicious

With technology in nearly every aspect of our lives, it’s not hard to fall into a comfort zone when it comes to things like security.  However, this fact is something that a lot of malicious attackers and malware distributors attempt to exploit, usually ending in your personal information being stolen or destroyed.  Being suspicious while using any device is always a good way to keep yourself safe. Here is a list of some things to always be cautious about:

  • Whenever you input ANY personal information, make sure you trust the destination.
  • When opening e-mails make sure you have some kind of layer between you and the e-mail, whether it be a web interface like with Gmail or security precautions to not view HTML in emails.
  • Only download software from legitimate sites that you know you can trust; using shady websites or torrents can lead to an infection by malware.
  • Always be prudent when it comes to security for your mobile devices; make sure they have passwords or other security measures.  Just as you can get attacked over the internet, you can be attacked by just leaving your laptop or cell phone unattended in a public area.
  • Don’t connect to any Wi-Fi networks unless you know and trust the source; this is especially true for airports and hotels.

If you follow the above tips in any form, you will be less likely to have your information stolen or your computer hijacked.  If you see friends or family doing the opposite, don’t be afraid to let them know of the risk they are taking, it might save them a lot of trouble in the future.

Conclusion

This blog post spoke about how you can lend a hand in the fight against malware, which can be as easy as keeping software updated or as intense as dedicating your free time to finding and reporting new and unique malware.  As Malwarebytes was born from the community, we try our best to give back and help it grow.  The more people who are aware of the threats they face every day, the more people there are to counter those threats and the greater chance we have as a community of stopping the constant attacks which everyday users face.  If you have any more questions about how to contribute to our Research team, please reach out on our forums and our staff will be happy to help you. Oh, and if you do decide to join our ranks in finding and stopping malware, be prepared to learn just how vulnerable you have been and still are to being infected, and good luck.

