Virus Guy news:m7el22$sn3$1@speranza.aioe.org
Wed, 24 Dec 2014 15:10:57 GMT in alt.privacy.spyware, wrote:
> Meanwhile, while looking into various Backoff samples, they ran
> into a sample submitted to VirusTotal that wasn't packed that
> looked to be "freshly created and output from the compiler." They
> guessed that it very well could have been submitted by the
> malware's author for AV testing purposes, but the sample allowed
> them to examine the binary and determine its origins to be from
> India.

That's strange. Normally, you don't submit an unprotected 1st gen
malware sample to the AVers. It gives them the next best thing to full
source code for studying your malware. Second, you won't be releasing
the malware in this unprotected form, so you gain nothing by the results
of having it scanned unprotected. The binary will be changed as part of
the compression/encryption/whatever security layer you apply to it. That
binary is the one that should be submitted to ensure you aren't already
being detected.

Once you've submitted a viable sample though, you have a limited amount
of time in which to spread it from that point forward. All samples
uploaded are shared with various vendors; it's a matter of hours to a few
days before the major players can all detect your newest creation. That
spells death for your creation and a loss for the time you spent writing
it.
--
My truck does not leak. It's just marking its territory!
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)