Privacy

31991 readers

884 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

I found a worm on my USB (monero.town)

submitted 6 months ago* (last edited 6 months ago) by chevy9294@monero.town to c/privacy@lemmy.ml

23 comments fedilink hide all child comments

This is probably not the right community but I haven't found a better one.

So I watched a video from Seytonic where he mentiond that some malware creates a windows link with the name of the usb on a usb. So I checked my usb because I remembered that I had to click 2 times on my usb to opened it. I found a link that contained cmd.exe and a name of a file next to it. Upload to the virustotal showed Raspberry Roblin worm.

I use Linux but my familly uses windows so I will have to go through all familly computers and remove the worm. Where can I find info how to remove this specific worm - Raspberry Roblin? On google I found a description about how the worm works but not specific files it creates and how to remove it.

The first page that shows up is microsoft.com and it says that windows defender detects the worm, but clearly it doesnt.

Edit: The worm was on one computer and it did not have windows defender installed. Seems like malware removed it and also disabled automatic updates. I installed MalwareBytes and sucessfully removed the worm :)

you are viewing a single comment's thread
view the rest of the comments

[–] stevedidwhat_infosec@infosec.pub 3 points 6 months ago (1 children)

Here’s probably all the info you could ever need:

https://redcanary.com/blog/threat-intelligence/raspberry-robin/

Next, you need to get your systems scanned and cleaned. Malware bytes is likely enough, but I always recommend BitDefender. Their efficacy rates are always fantastic, and they have been leading the industry for several years now. Download the AV on a clean system, put on clean flash drive, and install that way.

Last, you’re gonna need to reset your passwords. Yes, I know that’s toxic af. But this is the reality and why we always need to be veeeery careful with what we do. This worm communicates with a c2 server which means it can update itself which makes detection hard, and it also means that, at one point it may have been spying on your activity (and it likely was if not continues to)

This stuff happens, don’t beat yourself up too much. Live and learn

[–] chevy9294@monero.town 1 points 6 months ago (1 children)

Thank you for the link, it will help for sure!

I (not me but my family) always used just default Windows Defender but I heard good things about Malware bytes and BitDefender, I'll checked them out.

[–] stevedidwhat_infosec@infosec.pub 1 points 6 months ago (1 children)

Bitdefender usually goes on sale too - check for coupon codes, don't pay full price. Plus you get like 5 devices with your license IIRC. Worth a shot

[–] chevy9294@monero.town 1 points 6 months ago (1 children)

Oh it's paid... I would rather install Linux, I don't pay even for Windows.

[–] stevedidwhat_infosec@infosec.pub 1 points 6 months ago* (last edited 6 months ago) (1 children)

And you got what you paid for, no?

I believe there is a free version as well but don’t think just because you’re installing Linux that you’re somehow safer.

There was just a package that was essentially socially engineered into by a hacker, who then had full access to everyone’s shit.

All because a GitHub author was pressured into letting them contribute to code. Mac/Apple are no different and starting to be more and more vulnerable as the “security by obscurity” wears off.

Free tools are fine and well, but that stuff is done for free. Including maintainence and everything else. In times like these, ain’t nobody got time for that anymore. People need to make a living and you will see degradation in the products thusly

[–] laughterlaughter@lemmy.world 1 points 6 months ago* (last edited 6 months ago) (1 children)

I didn't downvote you, but I think you're assuming waaaay too much about OP's life circumstances. For al we know, he's an Argentinian teenage girl with an allowance, or a Vietnamese retired fisherman with no life savings.

[–] stevedidwhat_infosec@infosec.pub 1 points 6 months ago

Could be. However, the point stands, you’re gonna get what you pay for in the end. Not trying to be a dick ofc, but that’s the reality.

There are some well performing options that are free, but they are limited, and not too common imo

If anyone does have some good options, feel free to share as I may be unaware of them and think learning about them would be neat