{"id":7694,"date":"2017-05-18T08:10:06","date_gmt":"2017-05-18T16:10:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/18\/news-1479\/"},"modified":"2017-05-18T08:10:06","modified_gmt":"2017-05-18T16:10:06","slug":"news-1479","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/05\/18\/news-1479\/","title":{"rendered":"Information stolen? What now?"},"content":{"rendered":"<p><strong>Credit to Author: Pieter Arntz| Date: Thu, 18 May 2017 15:00:51 +0000<\/strong><\/p>\n<p>There are several different types of malware that look for interesting information on an infected computer and transmit that information to the <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/threat-actor\/\" target=\"_blank\" rel=\"noopener noreferrer\">threat actor<\/a>.<\/p>\n<p>Identifying and removing the malware is our job, but what do you need to do yourself to control the aftermath? To answer that question, it\u2019s important to know what information the malware was after and sometimes how long it has been active.<\/p>\n<h3><strong>Information<\/strong><\/h3>\n<p>What types of information are the malware authors after? Most of the time they are after anything that they can turn into cash. In rare cases of targeted attacks, they could be after other confidential information. Consider for example a keylogger installed by a close relative who is curious about some aspects of your private life.<\/p>\n<p>But usually we can divide the sought-after information into these categories:<\/p>\n<ul>\n<li>Banking details<\/li>\n<li>Shopping website credentials<\/li>\n<li>Other website credentials<\/li>\n<li>Gaming credentials<\/li>\n<li>Bitcoin and other eMoney wallets<\/li>\n<li>Email credentials<\/li>\n<\/ul>\n<h3><strong>Time period<\/strong><\/h3>\n<p>When is the infection period important and why? It is important in cases of malware that tracks the user&#8217;s activities, such as keyloggers and malware that intercepts internet traffic. 
It should be clear that knowing when this tracking started can be very helpful in determining which important information could have been stolen.<\/p>\n<p>Tip: do not rely on your memory too much. If you are not sure whether you have used a password recently, change it.<\/p>\n<h3><strong>How do I recognize malware that has stolen information?<\/strong><\/h3>\n<p>Sometimes you can tell by our naming convention that a particular malware was after your information. But not all of them are called <a href=\"https:\/\/blog.malwarebytes.com\/detections\/spyware-passwordstealer\/\" target=\"_blank\" rel=\"noopener noreferrer\">Spyware.PasswordStealer<\/a>. For starters, look up information about the detection on your machine. Alarm bells should be ringing if the detections are spyware, keyloggers, or backdoors, although other Trojans are capable of stealing information as well.<\/p>\n<p>In our <a href=\"https:\/\/blog.malwarebytes.com\/detections\/\" target=\"_blank\" rel=\"noopener noreferrer\">threat library<\/a> you can find information of this kind under the header Remediation, so look for your detection there if this applies to you.<\/p>\n<h3><strong>Dangers<\/strong><\/h3>\n<p>In most cases, this is easy to guess. The stolen information could be used in ways that will cost you money. 
What could the threat actor\u2019s goals be?<\/p>\n<ul>\n<li>Withdrawing money from your accounts<\/li>\n<li>Shopping at your expense<\/li>\n<li>Impersonating you for other reasons<\/li>\n<li>Extortion with personal information (<a href=\"https:\/\/blog.malwarebytes.com\/101\/2016\/02\/explained-doxing\/\" target=\"_blank\" rel=\"noopener noreferrer\">doxing<\/a>, <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/sextortion\/\" target=\"_blank\" rel=\"noopener noreferrer\">sextortion<\/a>, etc.)<\/li>\n<\/ul>\n<h3><strong>Countermeasures<\/strong><\/h3>\n<p>What can you do to limit the dangers as much as possible?<\/p>\n<ul>\n<li>Change the passwords that might have been stolen for every website you can remember logging into.<\/li>\n<li>If your email account has been compromised, change that password first, as other credentials may be sent to you by mail and still end up in the wrong hands. Some webshops even send you a password in plain text (shudders).<\/li>\n<li>Keep a close eye on your banking and eMoney accounts. Use the activity alerts that some banks offer.<\/li>\n<li>Keep tabs on your posts in social media. 
It may look silly to check what you have supposedly posted yourself, but imagine someone else doing it for you.<\/li>\n<\/ul>\n<h3><strong>Extra precautions<\/strong><\/h3>\n<ul>\n<li>Enable <a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/01\/understanding-the-basics-of-two-factor-authentication\/\" target=\"_blank\" rel=\"noopener noreferrer\">2FA<\/a> wherever possible.<\/li>\n<li>Do not re-use passwords, <a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/05\/dont-need-27-different-passwords\/\">consider a password manager<\/a>.<\/li>\n<\/ul>\n<h3><strong>Related article<\/strong><\/h3>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/threats\/info-stealers\/\" target=\"_blank\" rel=\"noopener noreferrer\">Info stealers<\/a><\/p>\n<p>Stay safe out there and get protected.<\/p>\n<p>&nbsp;<\/p>\n<p><em>Pieter Arntz<\/em><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/05\/draftinformation-stolen-what-now\/\">Information stolen? What now?<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/05\/draftinformation-stolen-what-now\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Pieter Arntz| Date: Thu, 18 May 2017 15:00:51 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/101\/2017\/05\/draftinformation-stolen-what-now\/' title='Information stolen? 
What now?'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/05\/shutterstock_434270977.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>Identifying and removing the malware is our job, but what do you need to do yourself, to control the aftermath of malware that steals interesting information from an infected computer?<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/101\/\" rel=\"category tag\">101<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/101\/how-tos\/\" rel=\"category tag\">How-tos<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/cybersecurity\/\" rel=\"tag\">cybersecurity<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/infosec\/\" rel=\"tag\">infosec<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/keylogger\/\" rel=\"tag\">keylogger<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/malware\/\" rel=\"tag\">malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/spyware\/\" rel=\"tag\">spyware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/threat-actor\/\" rel=\"tag\">threat actor<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/trojan\/\" rel=\"tag\">trojan<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/101\/2017\/05\/draftinformation-stolen-what-now\/' title='Information stolen? What now?'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/05\/draftinformation-stolen-what-now\/\">Information stolen? 
What now?<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10519,4500,11171,10573,12308,3764,10443,12309,10833],"class_list":["post-7694","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-10519","tag-cybersecurity","tag-how-tos","tag-infosec","tag-keylogger","tag-malware","tag-spyware","tag-threat-actor","tag-trojan"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7694"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7694\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}