Jump to content

Malware & Personal Information


kabuto9x

Recommended Posts

Hi everyone, I hope you're doing great.

Five years ago I decided to buy a computer to my family. After a year or so the computer had a lot of ads but I simply instaled Ad Block. This year the computer got really slow, so a friend of mine, that works at IT department of a company told me the computer had a lot of malware, including trojans, ads, etc. It turns out that my 20 year old son had been watching adult sites and pornography for several years.

Now the computer is clean and works very well, since my friend helped me out in this one,

However, I fear someone (like hackers) can have personal information about me or my  family, Should I really worry about this? Is this something common?

Link to post
Share on other sites

No.  Not unless you have specific information on a particular malware detection known for data harvesting.

You should also think about the role the computer plays.  A "personal" computer used by a singular person may have personal data.  A "family" computer, used by family members, should not have personal information on it.  This is to prevent that personal information being obtained by other family members who should not have access to it as well as any "mistakes" a family member may make that "you" may not make.

 

Link to post
Share on other sites

29 minutes ago, ncodex said:

A Trojan malware may obtain personal information that was entered, such as email addresses, passwords and credit card information.

If you entered those things on a malware infected machine, you should change them to be more secure.

While this is possible, the term Trojan actually covers a very large array of different threats and families of threats.  A RAT or Remote Access Trojan being among the worst, allows an attacker to take control of the system, including making changes to the system and the files/data/programs installed on it as well as obviously harvesting whatever data they choose.  A Trojanized keylogger will log keystrokes for harvesting information like account numbers, user names and passwords.

Now, with all of that said, most run-of-the-mill Trojans are nothing more than standard malware disguised as legitimate applications or files (such as an MS Word document, Adobe PDF file or an installer for a video game or some other software) and they trick users into installing/running them by appearing to be legitimate files/programs.  What they actually do is not a function of actually being a Trojan and simply comes down to what their intended purpose is, with the majority these days being used for either downloading other malware onto the system, loading PUPs (Potentially Unwanted Programs) like adware and the like for profit (many PUP vendors use a pay-per-install model which allows criminals to monetize malware by having their threats download and spread PUPs instead of actual infections, getting a small amount of money for each system they successfully get each PUP installed on) as well as ransomware that encrypts files on a system and holds them for ransom, demanding payment to unlock/decrypt the files.

While it is true that some malware does indeed harvest personal information, it isn't nearly as common these days as it used to be and hackers seeking such info will often target large corporations with access to more data rather than individual systems belonging to home users where the amount of data they might obtain is very small.  I'm not saying it is impossible, just that it is very unlikely.

It couldn't hurt to change your passwords etc. after an infection event, but frankly it usually isn't necessary unless you have confirmation that you had a RAT, keylogger or other data harvesting type of malware (something that the logs of the virus and malware scanners you used should indicate based on the threat names/classifications).  If they were detection names like "Trojan.Generic" or "Trojan.Heuristic" then they were simply detections made based on the item's characteristics that make it look like malware based on heuristics algorithms, not a positive classification as a specific threat or threat family (the terms "Generic" and "Heuristic" indicate that the detections were made in this way, not through positive specific identification) meaning that even including the term "Trojan" in the threat name is not necessarily indicative of what the item actually was, as it could have been some other type of malware altogether and not necessarily an actual Trojan.

Even for true Trojans, the meaning of that term comes from the Trojan Horse which simply indicates that the malware used a tactic of deception to make itself appear safe or to appear to be something that it is not (again, such as a legitimate document file or program) so even in the world of malware, a Trojan doesn't necessarily mean that the malware was used for any specific purpose such as harvesting information and could have had any purpose that any other malware has.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.