
EMAIL: Providing a Malware, Virus, or Ransomware Sample


Created – August 27, 2018 by Ian Thieves

This K-Page is for users who want to provide a malware sample to Support for investigation.

Please note that if you suspect that a computer is already infected, the best procedure is to remove the computer from the network and call LogDev for assistance.

Overview

This page is for sending Malware samples only.

For instructions on sending Spam samples to LogDev, see: EMAIL – Providing a Spam Sample

Spam and Malware samples can be sent to LogDev via our unfiltered spam mailbox, [email protected]

However, additional steps may be necessary to get the spam or malware sample out of Outlook and through the mail server without being filtered along the way. This document describes our complete procedure for sending unwanted or potentially dangerous files and emails to LogDev for assessment.

DO NOT SIMPLY FORWARD THE EMAIL TO US

There are two reasons not to do this:

  1. We have software to block evil email, so we will not receive it, nor even know that you sent it.
  2. On the off-chance that we get it, your act of forwarding will replace the Internet Headers with yours, making you look like the spammer, and removing the very information we need to help you.

Malware, infected documents, and spam with attachments are more difficult to send for analysis, as the message may be scanned and blocked by your mail client, your mail server, or any of the multiple mail servers your malware email may get relayed through on its way to LogDev. The procedure below will ensure that your message makes it to LogDev.

Outlook 2010/2013/2016

  1. Notify LogDev that you are sending a spam sample for assessment by sending an email to [email protected] describing the nature of the issue and how you would like LogDev to address the situation. Now, you must export the message to a file.
  2. In Outlook 2010/2013/2016:
    1. Double click on the spam email to open the message in its own Outlook window
    2. Click File and then Save As
    3. Rename the file to the ticket number from above
    4. Save the file to your desktop
  3. The next step is to encrypt the message file. This will prevent the malware sample from being lost in transit to LogDev’s spam mailbox. The easiest way to do this is to install 7-Zip and create a password-protected .zip file. Make sure you provide the password used to encrypt the file in your email!
  4. Create a new email message
  5. Add the password-protected ZIP file as an attachment
  6. Write the password used to encrypt the file in the body of the email message!
  7. Write the ticket number from above as the subject line
  8. Finally, email the password-protected ZIP file to [email protected]
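
The packaging step above can also be done from PowerShell. This is an added example, not part of LogDev's own procedure or tooling. It assumes 7-Zip is installed at its default path and that the message was saved to the desktop under the ticket number; `TICKET-PLACEHOLDER` and the password `infected` are constructed sample values.

```powershell
# Added example: package a saved Outlook message as a password-protected ZIP.
# Assumptions (not from the original page): 7-Zip default install path,
# the .msg file sits on the desktop and is named after the ticket number.
param(
    [string]$Ticket   = 'TICKET-PLACEHOLDER',   # placeholder, use your real ticket number
    [string]$Password = 'infected',             # constructed sample value
    [string]$SevenZip = 'C:\Program Files\7-Zip\7z.exe'
)

$ErrorActionPreference = 'Stop'
$desktop = [Environment]::GetFolderPath('Desktop')
$sample  = Join-Path $desktop "$Ticket.msg"
$archive = Join-Path $desktop "$Ticket.zip"

if (-not (Test-Path -LiteralPath $SevenZip)) { throw "7-Zip not found at $SevenZip" }
if (-not (Test-Path -LiteralPath $sample))   { throw "Saved message not found: $sample" }
# 7z 'a' appends to an existing archive, so stop instead of mixing old and new content.
if (Test-Path -LiteralPath $archive)         { throw "Refusing to overwrite $archive" }

# Hash the sample before packaging so the recipient can confirm
# that what they extract is byte-for-byte what you saved.
$hash = (Get-FileHash -LiteralPath $sample -Algorithm SHA256).Hash

# a = add to archive, -tzip = ZIP container, -p = password.
# -mem=AES256 encrypts file data with AES; this assumes the recipient opens the
# archive with 7-Zip or another AES-capable tool (omit it for legacy ZipCrypto).
& $SevenZip a -tzip "-p$Password" '-mem=AES256' $archive $sample | Out-Null
if ($LASTEXITCODE -ne 0) { throw "7-Zip failed with exit code $LASTEXITCODE" }

# t = test: confirm the archive opens with the password you are about to send.
& $SevenZip t "-p$Password" $archive | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Archive failed verification" }

# Details to copy into the new email message.
"Attach : $archive"
"Subject: $Ticket"
"Body   : password = $Password ; SHA-256 of $Ticket.msg = $hash"
```

The script never opens the saved message; it only reads the file's bytes to hash and compress them.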

Once the ticket has been addressed, LogDev will delete the message from the Spam mailbox.