Solved

more info on PUP.optional.bandoo.a malware

Posted on 2014-03-13
2
1,276 Views
Last Modified: 2014-03-15
Hi,

A scan on a client machine revealed pup.optional.bandoo.a malware. Machine has since been re-formatted and windows re-installed so it's no longer an issue.

The question is how dangerous is this virus? Is it likely that clients documents/files/emails were compromised? I did read on some websites that this malware is used for identity theft and is very dangerous. Is this true?

Thanks for your responses.

Regards

Dylan
0
Comment
Question by:Dylan_E
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 200 total points
ID: 39928888
It is a spyware, most likely it records clicks by user, no criminal intent, they even have webpage with privacy policy.
0
 
LVL 27

Accepted Solution

by:
skullnobrains earned 300 total points
ID: 39931542
this is only a personal feeling combined with a bit of google research and old memories from having fought against this dirty stuff on a friend's computer but here goes

- i do not think it actually installs a rootkit or can install itself on the computer's hardware in any way
- it does not seem like it has the capability to move from host to host, and is not really a virus in this respect
- i do not believe it is targetted towards identity theft

but then
- it does open a port in the windows firewall but i did not see it creating a corresponding socket (did not try much either)
- it is definitely a very persistent piece of malware and is uselessly annoying for the user compared to it's known goals
- there is high chances that this malware downloads other malware that have much worse capabilities and goals. the fact that it adds a security exception to the windows firewall would indicate an attempt to setup some kind of possible (idiotic) remote control or just an attempt to focus the analyser's attention on something dumb and trivial to mask other activities. there is a possibility that some of these other malware have infected other hosts.

bottomline : it is probably not it's goal and is quite unlikely that it did steal documents. anyway what the hell would the authors do with a bunch of documents stolen on a gigantic pool of random pcs ? still anyway, assuming it is the case, would that change your future actions in any way ? you can't do a thing about it whatever you attempt.

most windows computers are infected by some kind of malware. hopefully most of them don't attempt to solve personal data or credit card numbers, and actually most of them are either dormant zombies or dormant pieces of software that are patiently waiting for a specific time and day to perform some kind of DOS attack. the vast majority of active ones are used to harvest mail addresses and send spam. nothing personal there

bandoo is not the only one you have. just one that is crafted in such a way that you have to notice it.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Ready for our next Course of the Month? Here's what's on tap for June.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question