Solved

more info on PUP.optional.bandoo.a malware

Posted on 2014-03-13
Last Modified: 2014-03-15
Hi,

A scan on a client machine revealed pup.optional.bandoo.a malware. The machine has since been re-formatted and Windows re-installed, so it's no longer an issue.

The question is how dangerous is this virus? Is it likely that the client's documents/files/emails were compromised? I did read on some websites that this malware is used for identity theft and is very dangerous. Is this true?

Thanks for your responses.

Regards

Dylan
Question by: Dylan_E
2 Comments
Assisted Solution by: gheist (earned 800 total points)
ID: 39928888
It is spyware; most likely it records clicks by the user. No criminal intent: they even have a webpage with a privacy policy.

Accepted Solution by: skullnobrains (earned 1200 total points)
ID: 39931542
this is only a personal feeling combined with a bit of google research and old memories from having fought against this dirty stuff on a friend's computer, but here goes:

- i do not think it actually installs a rootkit or can install itself on the computer's hardware in any way
- it does not seem like it has the capability to move from host to host, and is not really a virus in this respect
- i do not believe it is targeted towards identity theft

but then:
- it does open a port in the windows firewall, but i did not see it creating a corresponding socket (did not try much either)
- it is definitely a very persistent piece of malware and is uselessly annoying for the user compared to its known goals
- there is a high chance that this malware downloads other malware that has much worse capabilities and goals. the fact that it adds a security exception to the windows firewall would indicate an attempt to set up some kind of possible (idiotic) remote control, or just an attempt to focus the analyser's attention on something dumb and trivial to mask other activities. there is a possibility that some of this other malware has infected other hosts.

bottom line: it is probably not its goal and it is quite unlikely that it stole documents. anyway, what the hell would the authors do with a bunch of documents stolen from a gigantic pool of random pcs? still, assuming it is the case, would that change your future actions in any way? you can't do a thing about it whatever you attempt.

most windows computers are infected by some kind of malware. hopefully most of them don't attempt to steal personal data or credit card numbers, and actually most of them are either dormant zombies or dormant pieces of software that are patiently waiting for a specific time and day to perform some kind of DoS attack. the vast majority of active ones are used to harvest mail addresses and send spam. nothing personal there.

bandoo is not the only one you have, just one that is crafted in such a way that you have to notice it.
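The accepted solution points to the firewall exception as the clue worth checking. One way to triage that on a still-running host, as an added example that is not code from either answer: enumerate enabled inbound Allow rules and flag those bound to a program outside the Windows and Program Files trees. It assumes Windows 8 / Server 2012 or later (NetSecurity module) and an elevated PowerShell session.

```powershell
# Added triage check (not from the thread): enabled inbound "Allow" rules whose
# program lives outside the Windows and Program Files trees are worth a look.
# Assumes Windows 8 / Server 2012 or later and an elevated session.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }

$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True

$findings = foreach ($rule in $rules) {
    # The application filter carries the executable path the rule is bound to.
    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    # 'Any' means the rule is not tied to a program; 'System' is the kernel itself.
    if ([string]::IsNullOrEmpty($program) -or $program -in @('Any', 'System')) { continue }

    $path = [Environment]::ExpandEnvironmentVariables($program)
    $inTrustedRoot = $false
    foreach ($root in $trustedRoots) {
        if ($path.StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase)) {
            $inTrustedRoot = $true
            break
        }
    }
    if (-not $inTrustedRoot) {
        [pscustomobject]@{
            Rule    = $rule.DisplayName
            Profile = $rule.Profile
            Program = $path
            Exists  = Test-Path -LiteralPath $path   # a rule for a deleted binary is leftover from a removal
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No inbound Allow rules bound to programs outside the trusted roots.' }
```

Rules bound to 'Any' are skipped here, so a port opened without a program binding still needs a separate look at the rules' port filters.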