Malware detection (Trojan)

Miscellaneous - everything that has nothing to do with ft
han
Posts: 14
Joined: 01 Nov 2010, 01:16
Location: Beets, Nederland

Malware detection (Trojan)

Post by han » 18 Nov 2010, 19:04

Hi to all,

I had some horrible malware (a Trojan) on my computer which was not detected by any antivirus software. So I had to remove it myself. That took some time.
For those who are interested, more information can be found here: http://www.infoprac.nl/malware. I think it contains some information useful for more of us.

Regards, Han.

heiko
Posts: 256
Joined: 28 Oct 2010, 17:10

Re: Malware detection (Trojan)

Post by heiko » 18 Nov 2010, 21:14

Hi,

congratulations on finding and removing the malware. Now was it named after you? I remember some comets and small planets that were also named after their first observers, despite them being amateurs ... :-)

On a side note, my malware experience is restricted to removing the hard drive, plugging it into another machine and doing everything remotely, without executing anything from there. This is usually safe practice.

Heiko


Re: Malware detection (Trojan)

Post by han » 21 Nov 2010, 00:04

Hello heiko,

No, my name is not Spy.Carberp, so the malware isn't named after me. It would be barely an honour to be remembered as a virus. But as a comet would be nice.

I had made the webpage as information for the antivirus software developers, but I think everyone can learn from it that it is useful to monitor from time to time the internet activity of his computer for suspicious unwanted traffic. It also shows that malware can be placed on a computer (also from trusted sites) and be executed totally unnoticed by the user. There are very many computers in the world with an infection unknown to their owners.

Is it really safe what you do? What if you plug your hard disk back into the internet-connected computer?

Regards, Han.


Re: Malware detection (Trojan)

Post by heiko » 21 Nov 2010, 23:28

Hi,

I know that theoretically, this method is not safe. I would have lost against Stuxnet's 'plug&play' capabilities. But infections just by plugging in a device without any keyboard or mouse command are quite rare*, and I don't expect most viruses to be that advanced. On that level, infections over the network also have to be taken into account, even if no service is running or all services have no known vulnerabilities. So any machine with an Ethernet cable must be considered insecure. But such a device wouldn't be useful for me, so I'm happily taking that risk.

* Wouldn't it be too easy to make a USB stick that appears as a hub with a virtual keyboard and a mass storage device attached? The mass storage device will get mounted, and then the keyboard just has to press 'yes' to execute a file. I wouldn't know how this can be prevented generally.

Heiko
