This is what happens if you bombard a PC with malware and adware - Review electronic stuff

Breaking

Post Top Ad

Post Top Ad

Thursday, August 25, 2016

Home twitter This is what happens if you bombard a PC with malware and adware

This is what happens if you bombard a PC with malware and adware



This is something we don’t have to tell our readers, but it’s recommended for everyone — especially those with a Windows PC — to have a virus scanner installed.
Luckily the world isn’t devoid of heroes just yet. Every so often, security researcherAndrew Brandt gets one of his testbed computers and throws as much malware and adware on it as he can get his hands on.
The tweetstorm he put on his account explains the different things the mass of horrible software on his computer is doing to it. Among other things, the software secretly installed a bitcoin miner that was burning his CPU power to generate money for someone else.
Even though the situation Brandt puts himself in might be a bit excessive — not a lot of people would have this much malware on their computer — it’s an interesting look at the power some of these applications can get just by clicking a few wrong links.
Andrew Brandt @threatresearch
2) And then I let the adware - and it is very generous to describe them that way - run for a few days, to observe its behavior over time.
9:51 PM - 24 Aug 2016
Andrew Brandt @threatresearch
3) Here's a screenshot of what Process Explorer shows is running on the testbed right now. It is abhorrent and evil.
9:52 PM - 24 Aug 2016
Andrew Brandt @threatresearch
4) Some of these so-called "potentially unwanted apps" themselves installed malware - clickfraud and other garbage Trojans killing the CPU
9:54 PM - 24 Aug 2016
Andrew Brandt @threatresearch
5) One of these PUAs actually installed a goddamn bitcoin miner. It's the "suspended" app in the screenshot above. Unbelievable gall!
9:55 PM - 24 Aug 2016
Andrew Brandt @threatresearch
6) And another has hijacked all browser shortcuts by adding its own URL to the command line, forcing them to open a junk search engine page
9:57 PM - 24 Aug 2016
Andrew Brandt @threatresearch
7) So thanks, navsmart[.]info for insinuating yourself as my start page, even though I changed the settings 
9:58 PM - 24 Aug 2016
Andrew Brandt @threatresearch
8) And you really have to hand it to the namer of "wizzcaster" - it really is like you're casting wizz on my PC
10:02 PM - 24 Aug 2016
Andrew Brandt @threatresearch
9) What it boils down to is, people get suckered into downloading this crap by extremely deceptive popups which claim the apps are legit
10:05 PM - 24 Aug 2016
Andrew Brandt @threatresearch
10) They even use real logos from companies like Adobe, Oracle (Java), Apple, Microsoft, and then fine-print the page with plausible denials
10:07 PM - 24 Aug 2016
Andrew Brandt @threatresearch
11) And even those links are useless. This is on the domain "downloadappfreepremium249[.]club" - is this a joke?
10:10 PM - 24 Aug 2016
Andrew Brandt @threatresearch
12) The degree of brand abuse is staggering. All it does is harms consumers. There is no legitimate use for these apps. None whatsoever.
10:12 PM - 24 Aug 2016
Andrew Brandt @threatresearch
13) So why are the brands like @adobe and @oracle not actively defending their trademarks going after these slugs? This is what ™ law is for
10:39 PM - 24 Aug 2016
Andrew Brandt @threatresearch
14) There is nothing "low risk" about allowing garbage apps to take control of a PC. They often mimic  social engineering techniques
10:42 PM - 24 Aug 2016
Andrew Brandt @threatresearch
15) and then use the full gamut of  tricks to persist on the box. Crazy-making for IT/IR staff to clean up
10:47 PM - 24 Aug 2016
Andrew Brandt @threatresearch
16) I don't know any easy solutions. Laws won't work (they don't follow them anyway) and corps can't be bothered to play sue-u-whack-a-mole
10:49 PM - 24 Aug 2016
Andrew Brandt @threatresearch
17) Adware makers: Your business model is bad and you should feel bad, but you don't because you're clearly sociopaths who just don't care.
10:54 PM - 24 Aug 2016
Andrew Brandt @threatresearch
18) It's hard to imagine the staggering amount of work involved in creating and maintaining such a large ecosystem of crap. All of it.
10:57 PM - 24 Aug 2016
View image on TwitterView image on TwitterView image on Twitter
Andrew Brandt @threatresearch
19) And this is some of the traffic it generates. Just a 24h slice, of course, because there's too much to show.
11:09 PM - 24 Aug 2016
Andrew Brandt @threatresearch
20) More power to you if you're a happy user of (L-R) Space Sound Pro, DailyWiki, or TiantianWiFi. They look grrreat
11:12 PM - 24 Aug 2016
Andrew Brandt @threatresearch
21) but it's worth noting that I DIDN'T ASK FOR OR WANT THESE APPS. There's nothing "potential" about the "unwanted" part here.
11:14 PM - 24 Aug 2016
Andrew Brandt @threatresearch
22) everything that ended up on this testbed came through an installer which claimed it was a Flash or Java or some other plugin's installer
11:17 PM - 24 Aug 2016
Andrew Brandt @threatresearch
23) This box is irredeemably hosed. Killing it would be a mercy and deprives adware hucksters ill-gotten revenue. Cleanup would take longer.
11:19 PM - 24 Aug 2016
Andrew Brandt @threatresearch
24) At some point, as a society, we have to decide: Is the perpetual cost (in time and $$) worth letting this kind of behavior slide?
11:21 PM - 24 Aug 2016
Andrew Brandt @threatresearch
25) There has to be a better way to put a stop to this. Let's work together to try to find a solution. This dead weight drags us all down.


READ NEXT: The Soundjump Bluetooth Speaker may be compact, but it packs some serious audio (30% off) 
Tags
Author Image

About Unknown

مرسلة بواسطة في
التسميات:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Post Top Ad