Somebody said that they were told by TD Bank technical support that their account was compromised, and whoever tried to get in knew the login and password but not the security questions. TD Bank support also said that the only way to get rid of the worm was to wipe the HD and reinstall the OS, and that no anti-virus/malware program would be able to detect it and therefore clean the PC. The support person is some sort of top security officer in the North American HQ. The person with the 'infected' PC has run anti-malware and anti-virus s/w but nothing was found. Is it true that there are worms/viruses that can't be detected at all, even with the best anti s/w? I think TD is just covering their butt with a standard response. Thx in advance.
are there undetectable worms?
#2
Posted 08 April 2011 - 03:22 PM
Unless this person examined the PC he doesn't know what type of malware is on the PC; he's just guessing. As for undetectable worms, I don't know if they exist, but there are security companies and hackers who continuously work on creating harder-to-detect rootkits. Check out the link below.
http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government.ars/2
#3
Posted 08 April 2011 - 04:09 PM
I will share with you a couple of our standard responses for backdoor malware that is identified on a member's machine.
***************************************************
#1.
Hello.
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC may be compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
- How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
- What Should I Do If I've Become A Victim Of Identity Theft?
- Identity Theft Victims Guide - What to do
- When should I re-format? How should I reinstall?
- Help: I Got Hacked. Now What Do I Do?
- Where to draw the line? When to recommend a format and reinstall?
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you wish to format and reinstall please stop here and let me know. If you wish to continue cleaning, read on and complete the following steps, but please acknowledge that you have read this in your next reply.
***************************************************
#2
Your decision as to what action to take should be made by reading and asking yourself the questions presented in the "When should I re-format?" and What Do I Do? links previously provided. As I already said, in some instances an infection may leave so many remnants behind that security tools cannot find them and your system cannot be completely cleaned, repaired or trusted. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore with a vendor-specific Recovery Disk or Recovery Partition removes everything and is the safest action but I cannot make that decision for you.
Tips to protect yourself against malware and reduce the potential for re-infection:
- Simple and easy ways to keep your computer safe and secure on the Internet.
- Your Guide To Staying Safe Online.
- Hardening Windows Security - Part 1 & Part 2.
- Configuring Internet Explorer for Practical Security and Privacy - How to Secure Your Web Browser.
- The Antivirus Defense-in-Depth Guide.
- Use Task Manager to close pop-up messages to safely exit malware attacks.
• Avoid gaming sites, porn sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs (e.g. Limewire, eMule, uTorrent). They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
• Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
- What security risks are associated with USB drives?.
- USB-Based Malware Attacks.
- When is AUTORUN.INF really an AUTORUN.INF?.
Quote (Microsoft Security Advisory 967940): "...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file..."
• Finally, if you need to replace your anti-virus, firewall or need a reliable anti-malware scanner please refer to:
- Bleeping Computer's Freeware Replacements For Common Commercial Apps
- Bleeping Computer's List of Virus & Malware Resources
***************************************************
Once it has been identified that some sort of backdoor malware is present, it is very difficult to say the machine can be trusted again, especially when it comes to any sort of financial transactions. In a way, yes, the financial institution is covering themselves. But the reality is that it is hard to say with complete confidence that the machine can be trusted again without being 'nuked and repaved'.
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown
A learning experience is one of those things that say, "You know that thing you just did? Don't do that." — Douglas Adams.
Why is the word abbreviation so long?
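The Autorun tip in the reply above points to Microsoft Security Advisory 967940 but does not show what "disabling Autorun" looks like on the machine. The following script is an added example (not from the thread or from BleepingComputer) that audits and, on request, sets the standard Explorer policy value NoDriveTypeAutoRun to 0xFF, which turns Autorun off for every drive type. It assumes an elevated PowerShell session on Windows; the registry paths are the documented policy keys, the -Apply switch and the function names are this example's own.

```powershell
# Added example (not from the original post): audit and harden the Windows
# Autorun policy for removable media, as recommended in Microsoft Security
# Advisory 967940. Assumes an elevated PowerShell session on Windows.
# Without -Apply the script only reports the current setting.
param([switch]$Apply)

# Machine-wide and per-user Explorer policy keys (documented locations).
$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
# NoDriveTypeAutoRun is a bitmask, one bit per drive type; 0xFF disables
# Autorun for all of them (removable, fixed, network, CD-ROM, RAM disk, ...).
$Hardened = 0xFF

function Get-AutorunPolicy {
    foreach ($path in $PolicyPaths) {
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' `
                        -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        }
        if ($null -eq $value) {
            $display = 'not set (OS default applies)'
        } else {
            $display = '0x{0:X2}' -f $value
        }
        [pscustomobject]@{
            Path     = $path
            Value    = $display
            Hardened = ($value -eq $Hardened)
        }
    }
}

function Set-AutorunDisabled {
    foreach ($path in $PolicyPaths) {
        # The Policies\Explorer key may not exist on a machine that has never
        # had a policy applied; create it before writing the value.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' -Value $Hardened -Type DWord
    }
}

Write-Host 'Current Autorun policy:'
Get-AutorunPolicy | Format-Table -AutoSize

if ($Apply) {
    Set-AutorunDisabled
    Write-Host 'Autorun disabled for all drive types. Policy is now:'
    Get-AutorunPolicy | Format-Table -AutoSize
} else {
    Write-Host 'Dry run only. Re-run with -Apply to set NoDriveTypeAutoRun = 0xFF in both hives.'
}
```

Run it once without -Apply to see whether either hive already carries the hardened value, then with -Apply to set it; the change takes effect for Explorer at the next logon. On Windows XP and Vista the update linked from the advisory must be installed for this registry value to be honoured for non-optical media, which is why the reply sends readers to the advisory rather than just the registry key. Note that this reduces the chance of picking up an infection from a plugged-in drive; it does nothing for a backdoor that is already on the machine, which is the situation the rest of the reply addresses.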
#4
Posted 08 April 2011 - 04:51 PM
Thank you both for the responses. I will pass the information on to this person. My first choice would have been to try and identify the offending critter(s), just because I'm stubborn. After that I would have reformatted the HD and reinstalled the OS. That's just me. Once again, thanks.