more info on PUP.optional.bandoo.a malware

Posted on 2014-03-13
Medium Priority
Last Modified: 2014-03-15

A scan on a client machine revealed PUP.optional.bandoo.a malware. The machine has since been re-formatted and Windows re-installed, so it's no longer an issue.

The question is: how dangerous is this virus? Is it likely that the client's documents/files/emails were compromised? I did read on some websites that this malware is used for identity theft and is very dangerous. Is this true?

Thanks for your responses.


Question by:Dylan_E

Assisted Solution

gheist earned 800 total points
ID: 39928888
It is spyware; most likely it records clicks by the user. No criminal intent: they even have a webpage with a privacy policy.

Accepted Solution

skullnobrains earned 1200 total points
ID: 39931542
This is only a personal feeling combined with a bit of Google research and old memories from having fought against this dirty stuff on a friend's computer, but here goes:

- I do not think it actually installs a rootkit or can install itself on the computer's hardware in any way
- It does not seem like it has the capability to move from host to host, and is not really a virus in this respect
- I do not believe it is targeted towards identity theft

But then:
- It does open a port in the Windows firewall, but I did not see it creating a corresponding socket (did not try much either)
- It is definitely a very persistent piece of malware and is uselessly annoying for the user compared to its known goals
- There is a high chance that this malware downloads other malware that has much worse capabilities and goals. The fact that it adds a security exception to the Windows firewall would indicate an attempt to set up some kind of possible (idiotic) remote control, or just an attempt to focus the analyser's attention on something dumb and trivial to mask other activities. There is a possibility that some of this other malware has infected other hosts.

Bottom line: it is probably not its goal, and it is quite unlikely that it stole documents. Anyway, what the hell would the authors do with a bunch of documents stolen from a gigantic pool of random PCs? Still, assuming it is the case, would that change your future actions in any way? You can't do a thing about it whatever you attempt.

Most Windows computers are infected by some kind of malware. Hopefully most of them don't attempt to steal personal data or credit card numbers; actually most of them are either dormant zombies or dormant pieces of software that are patiently waiting for a specific time and day to perform some kind of DoS attack. The vast majority of active ones are used to harvest mail addresses and send spam. Nothing personal there.

Bandoo is not the only one you have, just one that is crafted in such a way that you have to notice it.
