March 17, 2006

So how ARE you supposed to submit samples of malicious software or spyware to Microsoft?

Microsoft has recently streamlined their process for receiving samples of malicious software or spyware, and I asked if it was ok to let everyone know about it. It's actually rather easy:

Samples sent to the following addresses will be automatically processed into the Microsoft Antimalware Team analysis queue:


Note that these use @submit.microsoft.com now, rather than @microsoft.com.

One reason for the change is to move the mail server they use for sample submissions outside of their corporate SPAM and virus filters. In the past they have had issues with sample submission e-mails getting filtered, particularly on the SPAM side.

These addresses replace the old submission addresses:


As before, please use "False Positive" or "False Negative" in the mail subject line if possible to indicate the type of submission, and use password of 'infected' on the submitted .zip or .rar file.

If you have any questions about this process let me know, and I will take it to the program manager in the Microsoft Antimalware Team.

Have fun. Keep the samples coming. Microsoft loves them.

Posted by SilverStr at March 17, 2006 10:44 PM | TrackBack
Comments

It might be worth noting that Microsoft also has an address for reporting security issues related to their software - particularly useful for people who discover bugs that might be exploitable to cause security incidents, and would like to see them fixed before they get exploited.

The address is secure@microsoft.com.

[This irritates many people who think it should be "security" just like many other vendors use, but Microsoft uses "security" for physical security related issues at Microsoft sites, such as "I've locked myself out of my car", or "someone's trying to pry the smart-card reader off the door to building 44". This use significantly predates the creation of a "security" mailing alias for vulnerability reporting, and Microsoft figured it would be easier to re-educate everyone who ever wants to post vulnerability details to Microsoft than it would be to re-educate their employees. Go figure.]

Posted by: Alun Jones at March 20, 2006 08:24 AM