Serious Discussion Time bombs / timed malware

Oblivion99

Level 1
Thread author
Nov 6, 2023
27
Dear all

I have several offline backup data systems. It would be a disaster, if somehow the offline backup data systems got infected with a time bomb / timed malware – and then the time bomb would execute after several years.

It could be:
Malware that deletes all the data
Malware that overwrites all the data
Malware like ransomware that will encrypt the data

I have effective deterrences, such as don’t visit shady websites, don’t open shady links, updated OS and run scans often.

1.
Has anyone heard about a time bomb / timed malware that either deletes all the data, overwrites all the data or encrypts all the data?

2.
If it happened, what could I do to solve it?
Encryption:
Try to decrypt the data
Delete all data:
?
Overwrite all data:
?

Thank you

Best regards
 

ForgottenSeer 109138

Not sure what led you to this question but let's address it anyway.

1. You have the most important part covered with "no internet connection"
2. What type of data systems are you running?
3. How are you transferring the data to be backed up on the offline?
4. Do you scan the offline systems when you do connect them, how often and do you scan the data before transfer? If so what are you using to scan them with?
5. If the backup drive has read/write disabled and no internet connection it would be fine.

Creating snapshots of files/directories you are trying to save offline would protect them as well, as it is then immutable.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,166
Has anyone heard about time a bomb / timed walware, that either delete all the data, overwrite all the data or encrypt all the data?
Although not all that common, coding malware in order to delay its execution certainly exists. Normally it will be targeted (especially to an Organization) and will contain at the core a True Zero-Day (never released into the Wild) file.

Coding in some variation of Sleep (which is barely an inconvenience to do) will thus allow the base malicious file to hang out on a drive for whatever specified time before activating.

If you would like to see such in action, I actually used a delay within a zero-day, although it was only a few seconds in my last video (Of LoLBins, 0 Days, and ESET (Part 2)) in order to fit the timing of the background song. But it just as easily could have been made to wait until a big Holiday or an election.



 

Brahman

Level 17
Verified
Top Poster
Well-known
Aug 22, 2013
838
If it happened, what could I do to solve it?
Nobody can say for certain but it's sane to keep your most important data backed up in three different locations. One is local and the other two on two different cloud services. Most cloud services prevent uploading active malware and thus may prevent a timebomb type malware. I think you have to add two different online backup locations to your security setup. Well that's that, nothing is certain except death.
 

ForgottenSeer 109138

Time bombs/Logic bombs "malware" have conditions that need to be met to be considered either. They must have a payload unknown to the user, lay dormant for a period of time, and be triggered by a specific condition.

Delivery of these is important to note:

1. Learn how to spot phishing emails and never download unknown attachments.
2. Don't download applications from sketchy sources, always do so from a trusted source.
3. Validate and verify links and URLs before clicking.

Keep your computer and security products updated.

As stated above, when and how you back up these items you store is important. There are methods mentioned such as snapshots aka immutable storage that renders the files unable to change on the storage.
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
27
2.
A couple of flash drives.
A HDD.
Offline laptop.

3.
I use a laptop with Windows 11. The laptop is offline. The laptop acts as an offline backup system as well. The main function of the laptop is to sort and get an overview of the data I want to backup.
I transfer data to the laptop from flash drives or from my iphone.

4.
All the data that is being transferred to the offline laptop is being scanned by fully-updated software. Malwarebytes or Windows Defender.
All the data on the offline laptop is often being scanned by its current version of Windows Defender - Windows Defender is not getting updated because the laptop is offline.

5.
What do you mean?
So only "copy function" is enabled?

"Creating snapshots of file/ directories you are trying to save offline would protect them as well as it is then immutable."
This function is so the data can't be deleted or changed in a chosen time period?

Thank you
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
27
Most cloud services prevents uploading active malware and thus may prevent a timebomb type malware.
It would be the same as scanning with an anti-malware software?

The scanning method is only as good as the malware database it uses.
The development of new malware is always one step ahead of the anti-malware software databases.
 

ForgottenSeer 109138

Interesting way to store your offline. Imaging software on that offline computer would enable you to create incremental snapshots of your backups that would make them immutable. This would be the best method for your choice of storage. Maybe add a couple on demand scanners for second opinions in the host machine to scan before transfer. Disable autoruns of the USB so when you insert it into the host you can scan it before using.

5. To answer this, when you make something "read only" you can not write to it or change the files while it's in that state. You would have to add "write" permissions each time to add content then disable them again when done. This is mainly used in actual external devices like flash drives, SD cards, etc. Some actually have a physical "switch" you toggle to "lock" the device.

Having multiple backups as mentioned before is wise too. Adding in cloud storage. A few offline copies.
 
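The three outcomes the thread worries about (files deleted, overwritten, or encrypted) can be caught on an offline backup by taking a hash manifest when the backup is written and re-checking it before the backup is trusted or restored. This is an added Python example, not code from the thread or from any poster; the sample tree and file names in it are constructed, and the manifest is assumed to be kept on separate read-only media so that whatever changes the data cannot also rewrite the record of it.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream the file so large backups don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Record size and SHA-256 for every file under root, keyed by relative path."""
    return {
        p.relative_to(root).as_posix(): {"size": p.stat().st_size, "sha256": sha256_file(p)}
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify_manifest(root: Path, manifest: dict) -> dict:
    """Classify recorded files as intact, modified (overwritten/encrypted) or missing (deleted);
    files present now but absent from the manifest (e.g. a dropped note) are 'unexpected'."""
    current = build_manifest(root)
    report = {"intact": [], "modified": [], "missing": [],
              "unexpected": sorted(set(current) - set(manifest))}
    for rel, rec in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel]["sha256"] != rec["sha256"]:
            report["modified"].append(rel)
        else:
            report["intact"].append(rel)
    return report

def demo() -> dict:
    """Constructed sample tree: take a manifest, then simulate one overwrite, one deletion and one new file."""
    root = Path(tempfile.mkdtemp())
    try:
        (root / "docs").mkdir()
        (root / "docs" / "a.txt").write_bytes(b"constructed sample document A")
        (root / "b.bin").write_bytes(bytes(range(256)))
        manifest = json.loads(json.dumps(build_manifest(root)))  # round-trip as it would be stored
        (root / "b.bin").write_bytes(b"garbage written over the original")   # overwrite / encrypt
        (root / "docs" / "a.txt").unlink()                                    # delete
        (root / "README_DECRYPT.txt").write_bytes(b"constructed stand-in for a dropped note")
        return verify_manifest(root, manifest)
    finally:
        shutil.rmtree(root)
```

Run `build_manifest` when the backup is made and `verify_manifest` against the saved manifest before relying on it; a non-empty `modified` or `missing` list is the signal to restore from another copy rather than from this one.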

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,166
Most cloud services prevents uploading active malware and thus may prevent a timebomb type malware
No, they probably won't detect anything amiss for 2 main reasons- such a delay in execution of a given file is done legitimately all the time, often directly utilizing legitimate Windows binaries (kinda-sorta). Thus a detection of this will restrict the normal functioning of Windows.

Second, weaving in a delay is a very minor (and non-malicious) part of coding a malware file, so any detection by security software would be concentrated elsewhere (the nasty parts of the file).
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
27
Before the laptop went offline, Windows was fully updated.
The laptop has Windows Defender firewall enabled.

After it went offline, I performed a deep scan of all files with Microsoft Defender Antivirus - and it found nothing.

Is it safe to say that the laptop is clean of malware / timed malware at that time?

I guess I just have trauma from the old Windows XP days, when malware roamed wild on the internet.
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
27
Could anyone please try to answer:

The offline laptop was brand new.

Before the laptop went offline, Windows was fully updated.
The laptop has Windows Defender firewall enabled.

After it went offline, I performed a deep scan of all files with Microsoft Defender Antivirus - and it found nothing.

Is it safe to say that the laptop is clean of malware / timed malware at that time?

Thank you
 

ForgottenSeer 109138

As already stated above, get a couple On Demand scanners for "second opinions" to scan the system if you need to verify the system is clean. You can place "Process Explorer" from "Sysinternals" on your system and enable "Virus Total" and it will check all running processes through VT. You can install "Autoruns" from the same "Sysinternals" and enable "Virus Total" on this and check all startup entries and files through VT, to help confirm.
 

Oblivion99

Level 1
Thread author
Nov 6, 2023
27
What about in the specific scenario I mention?

Brand new laptop.
Fully updated.
Microsoft Defender firewall enabled.
No shady downloads and no shady websites visited.
Offline.
Full deep scan with Microsoft Defender.
Clean.
Would you fully trust this?

Thank you
 

ForgottenSeer 109138

This would depend upon the laptop, brand, where the parts are imported from, what all software is pre-installed, etc. There are variables, and nothing is guaranteed, so if you have concerns, you need to scan the system and check it.

As an example, not too many years ago Lenovo was seen shipping with pre-installed Superfish "adware," which could lead to other issues easily.

If you have to ask and question it, just use the advice up above. Some users get brand new laptops, wipe them clean and manually install the OS and drivers themselves to rid the new system of any potential issues, preinstalled bloatware and to slim down and speed up the system.

I have nothing more to add to this thread personally, all practical advice has been given already.
 
