- Dec 12, 2021
I'm gonna admit something too: I (almost) got compromised by Agent Tesla.
I was being careless and should've done it in a VM (I'm honestly not sure what I was thinking) and decided to install a torrented program that I wanted. It worked as expected, but my antivirus at the time (Symantec Endpoint) popped up saying it blocked ISBgeneric (or something similarly named) in PowerShell. This happened on every restart, until I eventually decided to root around the folders that malware tends to hide in (Temp, AppData Roaming, ProgramData, etc.), but I didn't find anything. The stupid thing is that I went right past it when looking for it: it was in C:\Users\(My username), called CRSS.exe, which I actually looked at for a few seconds, but in that moment of panic I must have gone right past it.
I decided to uninstall Symantec as it wasn't finding anything (which was pretty stupid of me to do), but seconds after updating Windows Defender, it caught the malware that Symantec missed, the exact CRSS.exe file that I had gone right over. Symantec must have simply blocked the initial attempt at execution, but did not find the dropped payload.
Moral of the story: I screwed up and realized I am not as invulnerable as I previously thought. I was being too confident in my security, which was eventually what resulted in my almost getting compromised. I learnt my lesson and now understand what it's like going through something like this, not being able to think clearly and making stupid decisions when I already supposedly knew what to do in the event of malware on my system. Ever since then I have completely embraced the Zero Trust/Default Deny strategy using Hard_Configurator.
I figured it's just nice knowing that we are not alone; everyone makes mistakes, even people like Jim Browning.
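A read-only triage script for the situation described in the post, added here as an example and not part of the original post: it walks the drop folders the poster listed plus the profile root that was skipped, flags executables whose name is one edit away from a Windows system binary (CRSS.exe vs csrss.exe), reports their Authenticode status, and checks whether a Run key references them (the "every restart" symptom). It assumes Windows PowerShell 5.1 or later and an illustrative list of imitated names that you would extend.

```powershell
# Added example, not the poster's own code. Read-only: nothing is deleted.
# Assumption: $SystemNames is an illustrative list of names malware imitates.
$SystemNames = @('csrss.exe','svchost.exe','lsass.exe','explorer.exe',
                 'winlogon.exe','services.exe','dllhost.exe','conhost.exe')

# Folders from the post, with the profile root (C:\Users\<name>) included.
$DropPaths = @($env:USERPROFILE, $env:TEMP, $env:APPDATA,
               $env:LOCALAPPDATA, $env:ProgramData)

# Levenshtein distance: "crss.exe" vs "csrss.exe" is 1 (one dropped letter).
function Get-EditDistance([string]$a, [string]$b) {
    $a = $a.ToLower(); $b = $b.ToLower()
    $prev = 0..$b.Length
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = @($i)
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i-1] -eq $b[$j-1]) { 0 } else { 1 }
            $cur += [Math]::Min([Math]::Min($prev[$j] + 1, $cur[$j-1] + 1),
                                $prev[$j-1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}

# Run-key values, to explain why something launches on every restart.
$RunKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$RunValues = foreach ($k in $RunKeys) {
    if (Test-Path $k) { (Get-ItemProperty $k).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Value } }
}

$Findings = foreach ($dir in $DropPaths) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File -Recurse -Depth 2 -Force -Include *.exe,*.scr `
        -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        $closest = $SystemNames | Sort-Object { Get-EditDistance $file.Name $_ } |
                   Select-Object -First 1
        $dist = Get-EditDistance $file.Name $closest
        $inProfileRoot = $file.DirectoryName -eq $env:USERPROFILE
        # Exact system names outside System32 (dist 0) count as masquerading too.
        if ($dist -le 1 -or $inProfileRoot) {
            [pscustomobject]@{
                Path          = $file.FullName
                Imitates      = if ($dist -le 1) { $closest } else { '' }
                InProfileRoot = $inProfileRoot
                Signature     = (Get-AuthenticodeSignature $file.FullName).Status
                Persisted     = [bool]($RunValues | Where-Object { $_ -like "*$($file.Name)*" })
            }
        }
    }
}
$Findings | Format-Table -AutoSize
```

Treat a hit as a lead for the AV scan or hash lookup, not a verdict: legitimate unsigned installers do land in these folders, but a look-alike name in the profile root that is also in a Run key is exactly the case the post describes.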