uploadmalware.com is this site legitimate?

I came across this site: uploadmalware.com

UploadMalware.com is an easy way for you to submit files for analysis by anti-malware and security professionals.

This site is completely free to use, and requires no registration of any kind.

This site says it sends uploaded malware samples to a number of anti-malware vendors to be analyzed.

Is this site legitimate? Does Avast receive malware samples submitted to uploadmalware.com?

If this site is for real, how fast do samples get sent to Avast?

I have never heard of it, and my major concern here is that there are no terms or outline of what is done with the malware uploaded. In fact there is no information at all about the site, so I wouldn’t use it but would use one of the known sites like virustotal or Jotti, which do send samples to the AV scanners used during the scans if one of the contributing AVs doesn’t detect it.

The uploadmalware.com site doesn’t do what virustotal or jotti do and upload the sample and immediately run the scan, displaying the results. Presumably the only way for you to find anything out is to supply your email address or join their live chat. Would you do that with a site you know nothing about that doesn’t have any privacy policy and nothing about the site or who is behind it? Absolutely no way.

Whilst they say they send the file to avast, I simply can’t take that at face value.

Report 2010-08-03 04:36:15 (GMT 1)
Website uploadmalware.com
Domain Hash 6f8424258502365dc6806d100fc465f8
IP Address 89.149.227.36

Report 2010-08-03 09:03:21 (GMT 1)
IP Address 89.149.227.36
IP Hostname server.atridns.com
IP Country DE
AS Number 28753
AS Name NETDIRECT AS NETDIRECT Frankfurt, DE
Detections 2 / 26 (8 %)
Status SUSPICIOUS

Scanning IP with: Infiltrated BL DETECTED
Scanning IP with: MyWOT DETECTED

http://www.mywot.com/en/scorecard/89.149.227.36

Looking at the source code… Seems the site doesn’t send the file anywhere.

That is always what concerns me as without general site information and credentials to indicate it isn’t just another anonymous malware collection centre for all the wrong reasons.

Hi DavidR,

It is on the snort reported shunlist: http://www.autoshun.org/files/shunlist.csv

polonus

Yes, it is legitimate. I use it quite a lot to enable the experts to pull apart suspected malware.

EDIT: Forgot to add it is run by Atribune, a respected tool maker. Note also the reference to the forum where you were asked to upload the file from. Once analysis is completed, the helper on that thread is informed of the result.

Hi essexboy,

Then you have the final word,

polonus

Then they need to stop hiding their light under a bushel and give some information accessible from the home page on what the site is all about, who runs it and what the analysis process is all about, as anonymous sites like this give me the willies.

As I said before there doesn’t seem to be any way to get information on your submission unless you are prepared to give your email (or live chat, I don’t use chat applications at all) and I certainly wouldn’t give it out on blind trust. So for the likes of me there doesn’t seem to be any way of getting information on the file uploaded, which kind of defeats the purpose of uploading it. You will note the avast unpxxxx.tmp file I uploaded without giving an email address and there is no way to access any results.

It is mainly used on malware forums for looking at suspect files; the helper is given an analysis of the file and it is forwarded to MBAM, sUBs and other toolmakers for inclusion in the tools. I also believe Kaspersky gets some files, hence the TDSSKiller being exceptionally good at that single infection job.

This is from the uploadmalware.com website.

We currently submit files to the following AntiMalware Vendors:

A-Squared, Ad-Aware, Ahnlab, AntiVir, ArcaBit, Arbor Networks, Authentium, Avast, Bit9, BitDefender, BoClean, Central Command, ClamAV, ClamWin, Comodo, Computer Associates, Counterspy, DialogueScience, DrWeb, eAcceleration, eSafe, Eset (NOD32), Ewido, Fortinet, Frisk / F-Prot, F-Secure, Grisoft (AVG), Ikarus, Kaspersky, McAfee, Protector Plus, Windows Defender, Norman, Panda Software, Proantivirus Lab, Sophos, Spybot S&D, SpySweeper, SuperAntiSpyware, THAV Antivirus, The Cleaner, Trend Micro, Trojan Remover, TrojanHunter, ViRobot, VirusBlokAda, QuickHeal, UNA, Virusbuster

Are we missing one you think we should add? Please email their submission email address to dave at uploadmalware.com (change at to @).

If you’d like to be added to the list of analysts please feel free to contact me at dave at uploadmalware.com (change at to @) with your credentials. If you do not work in the anti-malware industry or are a well known security expert access will not be given.

  1. Interesting. Thanks for the info…!
  2. Seems there’s a possible FP on their site…
    http://safeweb.norton.com/report/show?url=atribune.org
    asyn