
How often do viruses steal pictures/videos off your computer?


13 replies to this topic

#1 ihatevirus101


Posted 31 December 2016 - 03:14 PM

How often do viruses steal pictures/videos off your computer and transfer them to its server? And how would you find out if a virus had already done that? 

 





#2 Didier Stevens


  • BC Advisor

Posted 01 January 2017 - 07:44 AM

There are no statistics to answer your first question.

 

The malware needs to be reverse engineered (analyzed) to:

1) determine if it uploads pictures

2) analyze how this is done

3) determine if the upload process leaves artifacts behind


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 RolandJS


Posted 01 January 2017 - 08:54 AM

Thread-starter, did you have any of your pictures and such get copied elsewhere?  I'd like to learn more about this.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#4 Struppigel


    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team

Posted 01 January 2017 - 12:05 PM

> How often do viruses steal pictures/videos off your computer and transfer them to its server?


This does not happen often.

So-called trojan stealers usually search for files that contain credentials, but not for images or videos.

Certain ransomware families threaten with file exposure, but so far none of them are actually capable of data uploads.

An attacker might get control over the computer using a remote access trojan. They would then be able to search the computer manually for interesting files. Some of them search for embarrassing images that they can use to blackmail the computer owner or they take pictures or videos with the computer's webcam to do the same. This kind of threat is the most likely one that might actually submit images or videos to the attacker.

In rarer cases, targeted attacks to steal other companies' secrets could also include stealing images and videos if they are of interest to the attacker.
 

> And how would you find out if a virus had already done that?


You could monitor the network activity all the time, but that's nothing you can apply after a potential attack.
If you find malware on a system, you can analyse it to find out if it is capable of stealing data. But that would still not mean that files were actually uploaded.
There might be more methods to find traces of such activity on a system, but this is something an expert in Forensics would know better than me, and it also depends on the kind of system.



#5 ihatevirus101


Posted 01 January 2017 - 03:06 PM

> Thread-starter, did you have any of your pictures and such get copied elsewhere? I'd like to learn more about this.


Not that I know of. But I've been paranoid about that having happened. I had pictures and videos of a personal nature stored on the same computer that I used to download and install software from torrent sites. I know that was a bad idea. All these years, before I did a factory reset of my computer recently, I hadn't noticed any strange behavior on my PC, but then again some viruses are silent and don't do any harm while they steal your sensitive data.

 
 

> So-called trojan stealers usually search for files that contain credentials, but not for images or videos.


Hopefully that was the case for me if I was compromised at all.
 

> Certain ransomware families threaten with file exposure, but so far none of them are actually capable of data uploads.


I haven't had that happen to me.
 

> An attacker might get control over the computer using a remote access trojan. They would then be able to search the computer manually for interesting files. Some of them search for embarrassing images that they can use to blackmail the computer owner or they take pictures or videos with the computer's webcam to do the same. This kind of threat is the most likely one that might actually submit images or videos to the attacker.


How common are remote access trojans? Would such an intrusion be noticeable to the computer owner?
Since no one has blackmailed me all these years (about 5 years) I can assume that either I wasn't 'attacked' or the attacker has other uses for my files that don't directly involve me. Would they leak my files to some porn websites? I guess I'm being too paranoid. It seems most attackers are financially motivated so if they haven't blackmailed me I can assume they have no use for my pictures/videos, that is if they compromised my computer in the first place. I mean why would an attacker waste his time, effort and bandwidth copying pictures and videos of a random person if he has no financial motive? It seems unlikely to imagine they would waste their energy just for fun or to humiliate a stranger.
 
 

> You could monitor the network activity all the time, but that's nothing you can apply after a potential attack.
> If you find malware on a system, you can analyse it to find out if it is capable of stealing data. But that would still not mean that files were actually uploaded.
> There might be more methods to find traces of such activity on a system, but this is something an expert in Forensics would know better than me, and it also depends on the kind of system.


Unfortunately I can't do that since I did a factory reset of my computer with recovery discs recently in the hope of removing any hidden viruses.

I guess I'm being overly paranoid. I did use various anti-virus programs, one paid and the other a free version. In later years I also used the free version of Malwarebytes to scan and quarantine some risky files. I regularly installed Windows updates too. Hopefully all of that blocked more viruses.


Edited by ihatevirus101, 01 January 2017 - 03:36 PM.


#6 Struppigel


    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team

Posted 01 January 2017 - 05:02 PM

> How common are remote access trojans? Would such an intrusion be noticeable to the computer owner?


They are very common and in some cases they are noticeable as well.

An infection with a remote access trojan can feel like your computer is possessed by a ghost or has a life of its own. It might hog the CPU, spawn too many processes, move the mouse, open and close windows, or open and close the DVD drive; some people notice their webcam light turning on. But those things don't have to happen; the system can have such an infection without any of those signs.

 

If you suspect any kind of infection, you can ask for help in the Am I infected? section.

 

> Since no one has blackmailed me all these years (about 5 years) I can assume that either I wasn't 'attacked' or the attacker has other uses for my files that don't directly involve me. Would they leak my files to some porn websites? I guess I'm being too paranoid. It seems most attackers are financially motivated so if they haven't blackmailed me I can assume they have no use for my pictures/videos, that is if they compromised my computer in the first place. I mean why would an attacker waste his time, effort and bandwidth copying pictures and videos of a random person if he has no financial motive? It seems unlikely to imagine they would waste their energy just for fun or to humiliate a stranger.

 

 

Financial gain is the No. 1 motivation for criminals, and these kinds of people would not take the time to go through your files manually if they can make more money by automating tasks.

 

But there is also the kind of destructive attacker, often teenagers, who use those trojans to "have fun" and play games. If your system was compromised by this kind of destructive attacker, you would probably already know about it. It is in my opinion highly unlikely that someone uploads images and videos to a porno platform without letting you know. What use is this kind of humiliation to these attackers if you don't know that you have been humiliated?



#7 Crazy Cat


Posted 01 January 2017 - 05:30 PM

Remote Administrative Trojan/Tool (RAT) http://ijcsmc.com/docs/papers/March2014/V3I3201499a33.pdf
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#8 RolandJS


Posted 01 January 2017 - 06:24 PM

ihatevirus, I have a suggestion: purchase two 1TB USB-powered external HDs; using Macrium Reflect or something similar - copy all the data folders and their files onto both of those external HDs - you want two complete backups, not just one. After verifying you have safely made the two backups, disconnect the two ext HDs and delete the data folders and their files from the hard-drive that shares the torrent downloads.




#9 quietman7


    Bleepin' Janitor


  • Global Moderator

Posted 01 January 2017 - 10:12 PM

Backing up data and disk imaging are among the most important maintenance tasks users should perform on a regular basis to protect themselves from malware infection, yet it's one of the most neglected areas.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#10 RolandJS


Posted 02 January 2017 - 08:20 AM

Quietman7 has given what would be my normal answer. However, because the thread starter is worried about somebody/something lifting his pics off of his internal torrent-active hard-drive -- I gave what would be one solution matching his original concern. He would have two ext HDs with his pics, ready for instant plugging in and accessing on a need-to-do basis, and would have no pics residing on his torrent-active hard-drive.


Edited by RolandJS, 02 January 2017 - 08:21 AM.



#11 ihatevirus101


Posted 02 January 2017 - 01:57 PM

Hi, my worry is not about what would happen but what has happened. Since then I've restored my computer to its factory setting and when I did that it automatically deleted all my pictures and videos. I didn't want to back them up. I feel my computer is free of viruses now. My worry is what happened prior to the factory restore when my computer had cracked software installed.



#12 quietman7


    Bleepin' Janitor


  • Global Moderator

Posted 02 January 2017 - 02:09 PM

> ... My worry is what happened prior to the factory restore when my computer had cracked software installed.

The practice of using keygens, cracking tools, warez, torrents or any pirated software is not only considered illegal activity but it is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Please read this topic...Using these types of programs or the websites visited to get them is a guaranteed way to get yourself infected!!

#13 Didier Stevens


  • BC Advisor

Posted 02 January 2017 - 03:20 PM

We understand that you worry about what happened, but with the reinstallation of your machine, all potential evidence is lost.




#14 RolandJS


Posted 03 January 2017 - 05:26 AM

"...My worry is what happened prior to the factory restore..."

Adding to Quietman7's post, borrowing an idea from Liberty Mutual:

"...your worry is what is very likely going to happen after the factory restore on your torrent-active computer..."


Edited by RolandJS, 03 January 2017 - 05:26 AM.





