Solved

more info on PUP.optional.bandoo.a malware

Posted on 2014-03-13
Last Modified: 2014-03-15
Hi,

A scan on a client machine revealed pup.optional.bandoo.a malware. The machine has since been re-formatted and Windows re-installed, so it's no longer an issue.

The question is how dangerous is this virus? Is it likely that the client's documents/files/emails were compromised? I did read on some websites that this malware is used for identity theft and is very dangerous. Is this true?

Thanks for your responses.

Regards

Dylan
Question by:Dylan_E
2 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 200 total points
ID: 39928888
It is spyware; most likely it records clicks by the user. No criminal intent; they even have a webpage with a privacy policy.
 
LVL 27

Accepted Solution

by:
skullnobrains earned 300 total points
ID: 39931542
this is only a personal feeling combined with a bit of google research and old memories from having fought against this dirty stuff on a friend's computer but here goes

- i do not think it actually installs a rootkit or can install itself on the computer's hardware in any way
- it does not seem like it has the capability to move from host to host, and is not really a virus in this respect
- i do not believe it is targeted towards identity theft

but then
- it does open a port in the windows firewall but i did not see it creating a corresponding socket (did not try much either)
- it is definitely a very persistent piece of malware and is uselessly annoying for the user compared to its known goals
- there are high chances that this malware downloads other malware that have much worse capabilities and goals. the fact that it adds a security exception to the windows firewall would indicate an attempt to set up some kind of possible (idiotic) remote control or just an attempt to focus the analyser's attention on something dumb and trivial to mask other activities. there is a possibility that some of these other malware have infected other hosts.

bottom line: it is probably not its goal and is quite unlikely that it did steal documents. anyway what the hell would the authors do with a bunch of documents stolen on a gigantic pool of random pcs? still anyway, assuming it is the case, would that change your future actions in any way? you can't do a thing about it whatever you attempt.

most windows computers are infected by some kind of malware. hopefully most of them don't attempt to solve personal data or credit card numbers, and actually most of them are either dormant zombies or dormant pieces of software that are patiently waiting for a specific time and day to perform some kind of DOS attack. the vast majority of active ones are used to harvest mail addresses and send spam. nothing personal there

bandoo is not the only one you have. just one that is crafted in such a way that you have to notice it.