In my 9-5 job, we get a ‘Do-It-All’ who, in this instance, is a tax preparer. Her PC is an old POS by today’s standards. She claims the PC was used to drain a couple of grand from her savings account. She’s already taken the issue up with the police and been told the FBI or Secret Service might look into the issue… doubtful.
So we’re contracted to make a copy of the HDD in case the issue is examined in depth by the authorities. An exact copy is made to a bigger drive, and that drive is then used to copy the data off and to keep a clean, safe copy.
*That copy has been sitting in storage with no requests from the authorities for it since early November 2008*
The client refuses to have the Windows installation wiped and redone from the ground up, as she has never backed up her data and is worried we might miss something. So I get to clean up the system, which in this case is a custom-built AMD Athlon XP 2200+ (~1.8GHz) with 512MB of RAM and an 80GB HDD using the FAT32 file system. It had Windows XP Home Edition SP2, Internet Explorer 6, and damaged McAfee and Grisoft AVG 7.1 AV installations. I say damaged in that they looked like they were running (icon in the system tray), but you couldn’t open either application to do anything! Not to mention the roughly half an inch of dust and debris inside the computer’s case.
Oh, and let’s not forget the installed copy of Kazaa, because you have to illegally download some music on your ‘business’ PC with not one, but two damaged AVs!!!
A copy of the drive has been scanned with AVIRA AntiVir, Malwarebytes, A-Squared, SuperAntispyware, and ThreatFire. The scans were run on a clean system with the copied drive attached via a USB-to-IDE adaptor. The scans cover all directories except the Documents and Settings and System Volume Information folders.
So far the results are: MyWebSearch, SPR/Fake.ErrorKille (ErrorSmart), TR/Dldr.Adroar Trojan, DR/Keenval.2 dropper, TR/Dldr.Keenval.E Trojan, several variations of the TR/Dldr.Dyfuca.* Trojan, DIAL/EDGACCESS.5 dialer, TR/Dldr.QDown.L Trojan, HTML/Rce.Gen HTML script virus, SPR/Dldr.Agent.C program, TR/Dldr.Agent.alr.3 Trojan, DR/FlashTrack.E dropper, and TR/Drop.Starter.G.3 Trojan.
At what point does a business or person actually care about the data they hold? In this case, someone with access to a lot of confidential and sensitive information about other people severely dropped the ball. Outdated Windows XP Service Pack, two outdated and damaged AVs, and a severe malware infection… I realize not everyone is IT savvy, but those who handle such data need to learn at least enough to protect, if not themselves, then at least those others whose data they hold in their hands.
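Both the imaging step (exact copy to a bigger drive, clean copy kept back) and the later scan of that copy from a clean machine only hold up if you can show the copy matches the original drive. The script below is an added example, not code from the original post: it images a "drive" with dd, hashes source and image with SHA-256, and writes both hashes to a custody log so the copy can later be shown to match what was seized. The function names and log format are the example's own, and a constructed random file stands in for the disk; in a real acquisition the source would be a device such as /dev/sdb behind a hardware write blocker.

```shell
#!/bin/sh
# Added example (not from the original post): bit-for-bit imaging with a hash
# record. Assumes POSIX sh, dd, and sha256sum (or shasum as a fallback).
# The "drive" in demo() is a constructed file; a real source would be a block
# device behind a write blocker (or at least `blockdev --setro /dev/sdX`).

hash_file() {
    # Print the SHA-256 of a file or device and nothing else.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

verify_image() {
    # verify_image SOURCE IMAGE LOG
    # Re-hash both sides, append the result to LOG, exit 0 only on a match.
    src="$1"; img="$2"; log="$3"
    src_hash=$(hash_file "$src")
    img_hash=$(hash_file "$img")
    printf 'sha256 source: %s\nsha256 image:  %s\n' "$src_hash" "$img_hash" >> "$log"
    if [ "$src_hash" = "$img_hash" ]; then
        printf 'status: VERIFIED\n' >> "$log"
        return 0
    fi
    printf 'status: MISMATCH\n' >> "$log"
    return 1
}

image_drive() {
    # image_drive SOURCE IMAGE LOG
    # Copies SOURCE to IMAGE with dd. conv=noerror keeps going past unreadable
    # sectors and conv=sync pads each short read with zeros so offsets stay
    # aligned. bs=512 matches the sector size, so on a real disk padding only
    # happens on read errors; a larger bs would zero-pad a source whose length
    # is not a multiple of it and change the hash.
    src="$1"; img="$2"; log="$3"
    printf 'acquired: %s\nsource:   %s\nimage:    %s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$img" >> "$log"
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>> "$log" || return 1
    verify_image "$src" "$img" "$log"
}

demo() {
    # Build a 64 KiB stand-in "drive" (constructed data), image it, then zero one
    # sector of the image to show the verification catching the change.
    work=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$work/drive.raw" bs=512 count=128 2>/dev/null
    image_drive "$work/drive.raw" "$work/drive.img" "$work/custody.log" \
        || { echo "imaging failed"; rm -rf "$work"; return 1; }
    dd if=/dev/zero of="$work/drive.img" bs=512 seek=3 count=1 conv=notrunc 2>/dev/null
    if verify_image "$work/drive.raw" "$work/drive.img" "$work/custody.log"; then
        echo "tamper went undetected"; rm -rf "$work"; return 1
    fi
    cat "$work/custody.log"
    rm -rf "$work"
}

demo
```

One point worth carrying over to the scanning step: plugging the copied drive into a Windows box through a USB-to-IDE adaptor with no write blocker lets the OS write to it (System Volume Information on a FAT32 volume is exactly that), so hash the working copy again after the scans and keep the untouched copy as the one that matches the log.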