I don't know if this is the right forum to ask speculative questions, but you guys at BC seem to really know what you're doing, and I'd like to ask a couple of malware-related questions that I can't seem to find answers to elsewhere.
I'm interested in RATs and other trojans with backdoor functionality, as I've only just become aware of how serious those infections can be, and especially with all the stories of webcam spying going around, I'm a tad paranoid.
1. Backdoor functionality - Say I was infected with a backdoor trojan/RAT and managed to remove it. I know that although the infection is gone, the computer is now considered compromised and should be formatted and the OS reinstalled. What exactly do you mean by 'compromised'? Does this mean that attackers can inject more malware into your system and attack you that way? Or does it give them a window to hack you without traceable means? For example, if they put more trojans/worms/viruses on your computer, logic suggests that your AV or whatever would pick them, or at least some of them, up eventually, so you'd know you were infected. Or can they just hack in and do what they want without ever leaving a trace?
2. Crypters - my thin research on crypters and tools to make malware FUD has given me a mixed bag of results. Some places say public crypters (what most people use) are useless and usually are detected within a few days of release meaning they have a very short shelf life and ability to go untraced, whilst some talk about how they stay FUD for ages and victims never know they're infected. Which of these is more or less correct? (I'm learning that there's no exact science when it comes to malware, so of course this will be subjective but even so, insight would be appreciated).
For example, say I was infected a while ago, months or even years back, but AV and anti-malware never detected, and still don't detect, anything. Could it be because the malware was crypted? The crypted part maybe being updated online or something? If so, how come all malware isn't employed like this? It seems like a good idea (for malware creators and users, not us of course) as a way to keep their attacks hidden for long periods of time.
And one last quick one: do you know if any of these webcam hack/RATting cases involved victims who used AV products or anti-malware? When I read up on articles about it, the writers seem to be more interested in scaremongering (it's working on me) than in talking about the more nuanced facts, like how the victims' machines were secured prior to and during the attacks, which would definitely be useful information for those worried about the security of their own machines. If the victims had no security at all, then it would make sense that they had been unaware, but if they did, I don't understand how it went undetected for such long periods of time, especially with real-time and heuristic detection and such, unless the malware was seriously FUD. But seeing as script kiddies tend to carry out these attacks, I doubt they have the skills to create anything truly FUD (otherwise everyone would be doing it). I figured that would be NSA level or something. Am I wrong in assuming this?
I'm talking more generally about general attacks like getting malware through dodgy downloads or clicking bad links, rather than more targeted or physical attacks, as naturally those would be more tailored to the victim and less prevalent, and so their levels of espionage will probably be higher.
Oh gosh, this ended up being much longer than anticipated. I hope you will be able to answer some of these to help me better understand this crazy malware world. I'm ashamed to say I'd been so pitifully uninformed before.
(Also, a big thanks to all the good work you guys do here. You really are doing a great job keeping PCs clean and users informed. I wish I'd discovered you guys much earlier. I'd be a hell of a lot less confused and paranoid right now!)
Edited by user3895, 26 June 2015 - 06:06 AM.