
About backing up data


5 replies to this topic

#1 Okuu

Okuu

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:57 PM

Posted 09 October 2011 - 05:31 PM

I realize it'll be a few days before I can get help on malware, so I thought I'd ask this in the meantime.

Suppose I know I've got the Google redirect virus. No signs of offline activity being affected so far. Meanwhile, is it a good idea to make a backup of specific files to an external HD? (I'm using SeaGate). Not the whole thing, I'm simply looking to move some .psd and .png files I'm working on.

I.e., has it been heard of for a rogue program to send something along for the ride when I connect the USB port for the external HD, or perform the write?

While I'm at it, I'm wondering if a similar trick is possible on a version control program like Git or Subversion. Is it unwise to Commit files to a repository while the computer is in this state?

#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:57 PM

Posted 10 October 2011 - 03:57 AM

I.e., has it been heard of for a rogue program to send something along for the ride when I connect the USB port for the external HD, or perform the write?

Yes, there is a lot of malware that will propagate via removable drives: when you insert a removable drive like a USB stick in the infected computer, the malware copies itself to the USB stick and can use different tricks for automatic execution when it is inserted into another computer, like autorun.

While I'm at it, I'm wondering if a similar trick is possible on a version control program like Git or Subversion. Is it unwise to Commit files to a repository while the computer is in this state?

Yes, there exists malware in-the-wild that changes source code, but it is less prevalent than removable drive infecting malware.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
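An added example (not from the poster, and not tooling from either site linked above) of the two checks the reply implies for a drive that has been in an infected machine: hash each file before and after the copy so a swapped or altered file shows up, and walk the drive afterwards for an autorun.inf or any executable that a backup of artwork should not contain. The demo() run builds its own throw-away "project" folder and "drive" in a temp directory; the file contents and the leftovers it plants are constructed, not real samples.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# File names / extensions that deserve a look on a drive that has been in an
# infected machine: autorun.inf drives legacy Windows AutoRun, and a backup of
# .psd/.png artwork has no business containing executables or shortcuts.
SUSPECT_NAMES = {"autorun.inf"}
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}


def sha256_file(path):
    """Hex SHA-256 of a file, streamed in 64 KiB blocks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 16), b""):
            digest.update(block)
    return digest.hexdigest()


def verified_copy(src_files, dest_dir):
    """Copy each file and re-hash the copy; returns {name: (matches, sha256)}.

    The digests are worth keeping (written down or stored on a clean machine)
    so the files can be checked again after the drive has travelled.
    """
    dest_dir = Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    results = {}
    for src in map(Path, src_files):
        before = sha256_file(src)
        dst = dest_dir / src.name
        shutil.copyfile(src, dst)
        results[src.name] = (sha256_file(dst) == before, before)
    return results


def scan_drive(root):
    """Walk a mounted drive; report autorun files and executables by name."""
    findings = []
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() in SUSPECT_NAMES:
                findings.append(("autorun", str(path)))
            elif path.suffix.lower() in EXECUTABLE_SUFFIXES:
                findings.append(("executable", str(path)))
    return sorted(findings)


def demo():
    """Constructed run in a temp directory: fake artwork, fake drive, no real data."""
    with tempfile.TemporaryDirectory() as work:
        project = Path(work) / "project"
        drive = Path(work) / "drive"
        project.mkdir()
        drive.mkdir()
        # Stand-ins for the artwork (only the leading magic bytes are meaningful).
        (project / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        (project / "draft.psd").write_bytes(b"8BPS" + b"\x00" * 32)
        copies = verified_copy([project / "logo.png", project / "draft.psd"],
                               drive / "backup")
        # Constructed leftovers of the kind a removable-drive worm plants.
        (drive / "autorun.inf").write_text("[autorun]\n")
        (drive / "setup.exe").write_bytes(b"MZ" + b"\x00" * 16)
        return copies, scan_drive(drive)


if __name__ == "__main__":
    copies, findings = demo()
    for name, (ok, digest) in copies.items():
        print(f"{name}: {'copy verified' if ok else 'MISMATCH'} sha256={digest}")
    for kind, path in findings:
        print(f"{kind}: {path}")
```

Run against a real drive you would call verified_copy() with your own file list and scan_drive() with the drive's mount point; a clean backup should come back with every copy verified and an empty findings list. Bear in mind that a matching hash only proves the copy equals the source, so the hash is worth re-checking from a clean machine later, and that the scan is name-based: it catches the obvious autorun.inf and executables, not a malicious file hiding behind an image extension.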


#3 Okuu

Okuu
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:57 PM

Posted 10 October 2011 - 11:09 AM

Thanks, good to know.

#4 Okuu

Okuu
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:57 PM

Posted 16 October 2011 - 10:09 PM

One more option I wanted to check -- suppose you email some files to yourself (.pngs and .psds in my case) while infected with something unknown (symptoms indicate TDSS). Like with Gmail for example. What damages are possible: is it possible to do damage on the e-mail account itself, or have the files you're trying to send be replaced with something else?

#5 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:03:57 PM

Posted 17 October 2011 - 12:20 AM

I can't be sure, but from my research, I have never seen or heard of that happening, but with the advancements in TDSS, one never knows. But as far as I can tell, PSD and PNG files are pretty clear when sent over.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:57 PM

Posted 17 October 2011 - 05:04 AM

Like with Gmail for example.


Risk of infection is pretty small, because there's not a lot of malware in the wild that exploits vulnerabilities in PNG or PSD viewers. And if you are using Gmail, then you will have the added benefit that Gmail will scan the attachments, and it will also refuse executables. And you can check if it's a real picture with the Google doc viewer. So that risk is pretty low.

But there's a more important risk: that the malware on your machine steals your Gmail credentials. If you logon to Gmail on an infected machine, there can be a keylogger or password stealer that will steal your password when you type it. But in your case, you can mitigate that risk: create a new Gmail account with a new password, use that to send mail from the infected machine, and then change the password again on a clean machine.

Edit: actually, it's even better to delete this Gmail account after you're done: https://www.google.com/support/accounts/bin/answer.py?answer=61177
But watch out, don't get confused and delete your real Gmail account ;-)

Edited by Didier Stevens, 17 October 2011 - 06:40 AM.

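An added example, not code from the poster, of doing the "is it a real picture" check locally instead of relying on the Google doc viewer: the PNG check walks every chunk, verifies each CRC and insists on IHDR first, IEND last and nothing after IEND, so a renamed executable or an image with data appended after the end marker is rejected; the PSD check validates the 26-byte file header (signature, version, reserved bytes, channel count, dimensions, depth, colour mode). The SAMPLE_PNG and SAMPLE_PSD blobs are constructed inline so the block runs without any real files, and check_file() dispatches on the extension the file claims.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
PSD_SIGNATURE = b"8BPS"


def check_png(data):
    """Return (ok, reason). Walks every chunk, verifies each CRC, and requires
    IHDR first, IEND last, and no bytes after IEND."""
    if not data.startswith(PNG_SIGNATURE):
        return False, "missing PNG signature"
    pos = len(PNG_SIGNATURE)
    first = True
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_field = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_field) != 4:
            return False, f"truncated chunk {ctype!r}"
        expected = zlib.crc32(ctype + body) & 0xFFFFFFFF
        if struct.unpack(">I", crc_field)[0] != expected:
            return False, f"bad CRC on chunk {ctype!r}"
        if first and ctype != b"IHDR":
            return False, "first chunk is not IHDR"
        first = False
        pos += 12 + length
        if ctype == b"IEND":
            if pos != len(data):
                return False, f"{len(data) - pos} trailing bytes after IEND"
            return True, "valid PNG"
    return False, "no IEND chunk"


def check_psd(data):
    """Return (ok, reason) after validating the 26-byte PSD file header."""
    if not data.startswith(PSD_SIGNATURE) or len(data) < 26:
        return False, "missing PSD header"
    version, reserved, channels, height, width, depth, mode = struct.unpack(
        ">H6sHIIHH", data[4:26])
    if version not in (1, 2):
        return False, f"unknown PSD version {version}"
    if reserved != b"\x00" * 6:
        return False, "reserved header bytes are not zero"
    if not 1 <= channels <= 56 or depth not in (1, 8, 16, 32) or mode > 9:
        return False, "header field out of range"
    if width == 0 or height == 0:
        return False, "zero-size canvas"
    return True, f"PSD v{version} {width}x{height} {channels}ch {depth}-bit"


def check_file(data, suffix):
    """Dispatch on the claimed extension, so a renamed executable is caught."""
    suffix = suffix.lower()
    if suffix == ".png":
        return check_png(data)
    if suffix == ".psd":
        return check_psd(data)
    return False, f"not an expected artwork type: {suffix}"


def _chunk(ctype, body):
    """Build one PNG chunk (length, type, body, CRC) for the constructed sample."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF))


# Constructed samples: a 1x1 greyscale PNG and a 64x64 RGB PSD header.
SAMPLE_PNG = (PNG_SIGNATURE
              + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + _chunk(b"IEND", b""))
SAMPLE_PSD = PSD_SIGNATURE + struct.pack(">H6sHIIHH", 1, b"\x00" * 6, 3, 64, 64, 8, 3)

if __name__ == "__main__":
    samples = {
        "logo.png": SAMPLE_PNG,
        "logo_with_trailer.png": SAMPLE_PNG + b"MZ" + b"\x00" * 8,
        "draft.psd": SAMPLE_PSD,
        "renamed.png": b"MZ" + SAMPLE_PNG[2:],
    }
    for name, blob in samples.items():
        ok, reason = check_file(blob, name[name.rfind("."):])
        print(f"{name}: {'OK' if ok else 'REJECT'} ({reason})")
```

For a real file, read it with open(path, "rb").read() and pass the bytes plus the extension to check_file(). A pass means the container is well-formed, which is what you want before attaching it; it does not rule out a crafted image aimed at a viewer bug, which is the (small) risk the reply puts in perspective.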




