I need a solution
We submitted a sample to Symantec Security Response (Tracking #38316728) on January 28, 2014 for analysis and the automated response was that the sample was "not a threat." We disagreed with this determination without any path to ask Symantec for a closer look.
Based on information we know about this sample:
1. VirusTotal shows 9 AV engines that determined that this file was malicious (although most were heuristic engines)
2. The file was compiled only 3 days ago
3. It was executing from the user's AppData\Roaming directory
4. It communicates to a dynamic DNS address, which points to an IP address in Brazil
I don't have to see the file myself to say that this is 99% certainly bad.
Sample MD5: 1c481505230953f110d89c4b6d2579a6
Today, however, I checked VirusTotal and it shows the sample is a threat and Symantec does detect it as "WS.Reputation.1" with an update of 20140128. Wait... what?!
https://www.virustotal.com/en/file/e222c61162fc4d8a677f84576ed9bc55568b7f6165d04b837df7e7559e485bba/analysis/
Do we have any alternative paths to get a file flagged as malicious for the purposes of getting it detected in our AV? Sometimes this is the quickest way for us to remediate a virus infection and this severely increases the time to respond; this is not good for us.
What is your recommended path of escalation for samples which we feel are a threat, but the automated analysis determines otherwise?