Trojan source traced - what next?

By _Christian_
I found a Trojan installed where I least expected it.

It came as part of LEGITIMATE software. That software has won several awards, including a 5-star award from CNET.com.

None of the antivirus I tried ever found it, but I was tipped off by an anti-spyware report (only after most recent signature update).

After trying various tools, one eventually reported this.
I am currently investigating further the exact installation process, but the source is final.


To stop speculations introduced in some answers, I add a few things in the main post:

-1) The source has already been verified, as I already mentioned above.

-2) This is a known trojan, listed in security databases, together with the author's alias and a sizeable list of other malwares known to come from the same author.

-3) I am not interested in speculations on what I checked or not, I have enough background to be past that. I am only interested in the legal aspect versus surprise effect (If the author is traceable to that company, but I contact them first (or somebody else does), he/she will have the time and opportunity to clear his/her tracks.)


What should be my next step?

1) Contacting the editor?

OR

2) Contacting the relevant law enforcement agency?


All Comments


Be Wary!!!

by husp1 In reply to Trojan source traced - wh ...

Have you double-checked your source's claims? Rest assured that you're opening yourself to a liability issue by contacting the authorities first. Check with the editor first. If his or her answers don't supply the satisfaction, you then should contact the proper law enforcement agency.


misreads

by Oz_Media In reply to Be Wary!!!

AVG antivirus will indicate SUN's Java as being a trojan in Firefox, an obvious false positive.

Spyware and trojan detection is up to the discretion of the spyware programmers. They often consider completely fine programs as being trojans or spyware, probably why nothing showed up before.

When you get the scan report it usually lists the critical factor of the trojan too, in most cases it will notify you of a piece of software that has an autoupdater etc., but list it as being harmless.

It's more of a heads up if you will, in most cases such spyware or trojan is simply misreported and is completely harmless or may even be a small reporting plugin from FREE software or a piece of advertising code for FREE software. Writers have to make money somehow, no software is REALLY FREE.


known trojan

by _Christian_ In reply to misreads

No, the trojan is a genuine RAT, I had already verified.

It is listed in a reputable security database, with extracts of its own distribution file, and author alias and list of known other malwares.

I am now checking if the latest version of the software it came with still contains it...


Remote Access Trojan

by Oz_Media In reply to known trojan

"RAT is an acronym for Remote Access Trojan. A RAT might have a functional use, but it is typically used to describe malicious code..."
http://netsecurity.about.com/od/hackertools/p/aapr092004.htm

I would say that in YOUR case, this particular RAT software is not malicious but used as expected to update or even validate its licence on boot.

Not all RATs are malicious, but they are all identified.

I would hazard a guess that the software vendor you purchased the software from is adding this for a specific reason other than to hack your machine.


Do not assume others are ignorant

by _Christian_ In reply to Remote Access Trojan

Please, do not assume that I do not know what I am talking about.

I have been in IT a long time, I know EXACTLY what a RAT is, and I have actually been involved in computer security a few times, in the past.

Furthermore, your comments are irrelevant to my question...


Better than assuming people already know

by Oz_Media In reply to Do not assume others are ...

Nobody is ASSUMING anything, I am merely responding to your evasive opening post.

While I did think perhaps you were genuinely wondering what it was, though unmentioned, and wondered what to do, I have no information to think differently.

Therefore, I tried to be helpful by explaining what this trojan may or may not be and offered a link for more information.

People come here with similar issues quite often, if you KNEW more information than you provided, in a computer world you should know that you need to provide all of this to begin with.

You should have just said,

"I bought XYZ software and it comes packaged with a RAT right on the CD that's being picked up by my antivirus software,

I know a lot about computers and don't want any help, information or support. Please submit your specific replies to the two following questions, without further comment... "

I know you posted something vaguely similar but you still failed to mention details as to what you were dealing with.


But in my foolish case, I assumed that you were unsure about this, and that's merely due to a lack of information provided, but again MY fault of course.

I then took some time to provide information that may help you decide whether this is an issue you feel worthy of pursuing or not, blasphemous bugger that I am.

I bow to you faithfully.


See my other answer

by _Christian_ In reply to Better than assuming peop ...

If you are genuine, then you are incompetent on the security side...

And my question was very specific from the start, with options 1 and 2, while you diverted straight to answer z...

Or maybe you did not take the time to read it properly before starting to answer?


Thank you

by Oz_Media In reply to Better than assuming peop ...

You are right, I have no interest at all in security, at all whatsoever. Leave that to the IT department, not my problem. I'll just make sure they have the tools and work efficiently enough to resolve issues for their respective employers.


That was actually the correct answer

by just_chilin In reply to Better than assuming peop ...

Software usually comes with ways of validating and registering your license key.
If that is the case with yours, you don't stand a chance in any court of law.


No, that was an answer to a question I did not ask

by _Christian_ In reply to Better than assuming peop ...

And irrelevant, since as I mentioned LOUD AND CLEAR, this is a real trojan.
