How I got infected last time thread
<blockquote data-quote="RoboMan" data-source="post: 1015706" data-attributes="member: 53544"><p>Hi everybody, funny how you see a new thread of mine after some time and it's a story of how I suffered what I thought I'd never suffer again, since I've been malware free for more than a decade. I'm sharing this with you to let you know, and <strong><u>especially let novice users know how careful we must be</u></strong>, since it's not even hard to get infected.</p><p></p>
<p>Today I committed a mistake. One single mistake, that cost me an infection, even when I thought I was truly protected. May this be a lesson for everybody, that if you, the user, are not careful enough, there will not be enough software to protect you.</p><p></p>
<p><strong><u><span style="font-size: 18px">HOW IT STARTED</span></u></strong></p><p></p>
<p>I had to download a specific software today. Since the version I needed to install wasn't on the official site anymore, I headed to a YouTube video that would let me download it via Mediafire or MEGA.</p>
<p>I clicked the video, <u>made a quick check of it, checked comments</u> to see what users said about this download, and since everything was positive, <strong>I downloaded the file.</strong></p>
<ul> <li data-xf-list-type="ul">Norton Antivirus didn't pop when downloaded, so the first test was done.</li> <li data-xf-list-type="ul">A right click context scan didn't show malware, so second test was done.</li> <li data-xf-list-type="ul">I decided not to upload the file to VirusTotal, since Norton came clean and YouTube comments were positive.</li> </ul>
<p><strong><u><span style="font-size: 18px">THE INFECTION</span></u></strong></p><p></p>
<p>I launched the executable file, and after some seconds, nothing happened. That's when I knew <u><strong>something was wrong</strong></u>. I immediately opened Process Explorer and Task Manager to see any possible suspicious process, and before these two even opened, <strong>my theory became a reality</strong>.</p><p></p>
<p>[ATTACH=full]271441[/ATTACH]</p><p></p>
<p>Norton detected suspicious activity too. But here's the catch. <strong><u>Norton didn't detect the malware process</u></strong>. What we're seeing up there is Norton Intrusion Prevention System, which is basically like a firewall. It scans network traffic for attack signatures, such as social threats and outbound attacks, that identify attempts to exploit vulnerabilities in your operating system or in a program that you use.</p><p></p>
<p>And here's the other catch. <strong><u>The malware was still active in my system</u></strong>, and we had a loop. The malware process was a type of trojan that steals all the system's stored passwords. It was when this malware tried to contact home that Norton realised this was suspicious activity and realised what was going on. But here are three problems:</p>
<ol> <li data-xf-list-type="ol">Norton wasn't smart enough to quarantine the file constantly calling home</li> <li data-xf-list-type="ol">Each network connection the malware tried to make was blocked, but the malware was still active</li> <li data-xf-list-type="ol">Neither Norton's "smart" nor full scan was able to detect the malware, even when it was triggering Norton's IPS</li> </ol>
<p>Wanna guess who did detect it?</p><p></p>
<p><strong><u><span style="font-size: 18px">RESOLUTION AND CONCLUSION</span></u></strong></p><p></p>
<p>Yup, probably guessed right.</p><p></p>
<p>[ATTACH=full]271442[/ATTACH][ATTACH=full]271443[/ATTACH]</p><p></p>
<p><strong><u>Long story short: malware neutralized, <span style="color: rgb(97, 189, 109)">no information stolen and day saved.</span></u></strong></p><p></p>
<p>Once this was over, I headed to the YouTube video where I downloaded the file, and realised the mistake I had made: <strong>everything was fake.</strong></p>
<ol> <li data-xf-list-type="ol">Unknown author</li> <li data-xf-list-type="ol">Literally posted 6 hours ago and already had 47 comments</li> <li data-xf-list-type="ol">Video title was in Spanish and all comments in English</li> <li data-xf-list-type="ol">All comments were positive and posted at literally the same time</li> </ol>
<p>Yes, the cybercriminal had uploaded a fake video, paid for almost 50 bot comments and I slipped right in. I wasn't careful enough. I might be getting old.</p><p></p>
<p>Hopefully this is a lesson for everybody, most especially for me, that mistakes can be made and can cost us a lot. Luckily, I was spared to live some years more.</p><p></p>
<p>Also, after the semi-failure I saw today in Norton's protection, I might be re-thinking my comeback to Kaspersky.</p></blockquote><p></p>
[QUOTE="RoboMan, post: 1015706, member: 53544"] Hi everybody, funny how you see a new thread of mine after some time and it's a story of how I suffered what I thought I'd never suffer again, since I've been malware free for more than a decade. I'm sharing this with you to let you know, and [B][U]specially let novice users how careful we must be[/U][/B], since it's not even hard to get infected. Today I commited a mistake. One single mistake, that costed me an infection, even when I thought I was truly protected. May this be a lesson for everybody, that if you, the user, are not careful enough, there will not be enough software to protect you. [B][U][SIZE=5]HOW IT STARTED[/SIZE][/U][/B] I had to download a specific software today. Since the version I needed to install wasn't on the official site anymore, I headed to a Youtube video that would let me download it via Mediafire or MEGA. I clicked the video, [U]made a quick check of it, checked comments[/U] to see what users said about this download, and since everything was positive, [B]I downloaded the file.[/B] [LIST] [*]Norton Antivirus didn't pop when downloaded, so the first test was done. [*]A right click context scan didn't show malware, so second test was done. [*]I decided not to upload the file to VirusTotal, since Norton came clean and Youtube comments were positive. [/LIST] [B][U][SIZE=5]THE INFECTION[/SIZE][/U][/B] I launched the executable file, and after some seconds, nothing happened. That's when I knew [U][B]something was wrong[/B][/U]. I immediately opened Process Explorer and Task Manager to see any possible suspicious process, and before these two even open, [B]my theory became a reality[/B]. [ATTACH type="full" alt="1671569741156.png"]271441[/ATTACH] Norton detected suspicious activity too. But here's the catch. [B][U]Norton didn't detect the malware process[/U][/B]. What we're seeing up there is Norton Intrusion Prevention System, which is basically like a firewall. 
It scans network traffic for attack signatures, such as social threats and outbound attacks, that identify attempts to exploit vulnerabilities in your operating system or in a program that you use. And here's the other catch. [B][U]The malware was still active in my system[/U][/B]. and we had a loop. The malware process was a type of trojan that steals all the system's stored passwords. It was when this malware tried to contact home that Norton realised this was supicious activity and realised what was going on. But here are three problems: [LIST=1] [*]Norton wasn't smart enough to quarantine the file calling constantly home [*]Each network connection malware tried to do was blocked, but malware was still active [*]Neither Norton's "smart" or full scan were able to detect the malware, even when it was triggering Norton's IPS [/LIST] Wanna guess who did detect it? [B][U][SIZE=5]RESOLUTION AND CONCLUSSION[/SIZE][/U][/B] Yup, probably guessed right. [ATTACH type="full" alt="1671570252010.png"]271442[/ATTACH][ATTACH type="full" width="546px" alt="1671570278820.png"]271443[/ATTACH] [B][U]Long story short; malware neutralized, [COLOR=rgb(97, 189, 109)]no information stolen and day saved.[/COLOR][/U][/B] Once this was over, I headed to the Youtube video where I downloaded the file, and realised the mistake I had made: [B]everything was fake.[/B] [LIST=1] [*]Unknown author [*]Literally posted 6 hours ago and already had 47 comments [*]Video title was in spanish and all coments in english [*]All comments were positive and posted at literally the same time [/LIST] Yes, the cybercriminal had uploaded a fake video, paid for almost 50 bot comments and I slipped right in. I wasn't careful enough. I might be getting old. Hopefully this is a lesson for everybody, most specially for me, that mistakes can be made and can cost us a lot. Luckily, I was spared to live some years more. 
Also, after the semi-failure I saw today in Norton's protection, I might be re-thinking my comeback to Kaspersky. [/QUOTE]
Insert quotes…
Verification
Post reply
Top