Solved

more info on PUP.optional.bandoo.a malware

Posted on 2014-03-13
Last Modified: 2014-03-15
Hi,

A scan on a client machine revealed pup.optional.bandoo.a malware. The machine has since been re-formatted and Windows re-installed, so it's no longer an issue.

The question is how dangerous is this virus? Is it likely that the client's documents/files/emails were compromised? I did read on some websites that this malware is used for identity theft and is very dangerous. Is this true?

Thanks for your responses.

Regards

Dylan
Question by:Dylan_E
2 Comments
 
LVL 61

Assisted Solution

by:gheist
gheist earned 200 total points
ID: 39928888
It is spyware; most likely it records clicks by the user. No criminal intent; they even have a webpage with a privacy policy.
 
LVL 26

Accepted Solution

by:skullnobrains
skullnobrains earned 300 total points
ID: 39931542
this is only a personal feeling combined with a bit of google research and old memories from having fought against this dirty stuff on a friend's computer but here goes

- i do not think it actually installs a rootkit or can install itself on the computer's hardware in any way
- it does not seem like it has the capability to move from host to host, and is not really a virus in this respect
- i do not believe it is targeted towards identity theft

but then
- it does open a port in the windows firewall but i did not see it creating a corresponding socket (did not try much either)
- it is definitely a very persistent piece of malware and is uselessly annoying for the user compared to its known goals
- there is a high chance that this malware downloads other malware that has much worse capabilities and goals. the fact that it adds a security exception to the windows firewall would indicate an attempt to set up some kind of possible (idiotic) remote control or just an attempt to focus the analyser's attention on something dumb and trivial to mask other activities. there is a possibility that some of this other malware has infected other hosts.

bottom line: it is probably not its goal and it is quite unlikely that it did steal documents. anyway what the hell would the authors do with a bunch of documents stolen on a gigantic pool of random pcs? still anyway, assuming it is the case, would that change your future actions in any way? you can't do a thing about it whatever you attempt.

most windows computers are infected by some kind of malware. hopefully most of them don't attempt to solve personal data or credit card numbers, and actually most of them are either dormant zombies or dormant pieces of software that are patiently waiting for a specific time and day to perform some kind of DOS attack. the vast majority of active ones are used to harvest mail addresses and send spam. nothing personal there

bandoo is not the only one you have. just one that is crafted in such a way that you have to notice it.