Your Information Likes to Hide on Your Computer

Posted on April 23rd, 2013 by

As you might imagine, researching malware gives you a unique perspective on computers. One of the things we do in the course of malware analysis is to set up sacrificial “goat” systems that we can let get all crudded up in a safe and secure way. (Well, safe and secure for anything outside that goat machine, anyway.) We create different “images,” which vary here and there (e.g., one image for macro viruses, another for different types of infection vectors, different operating systems, etc.).

To ensure the best possibility of the malware working, you want it to look and act reasonably like a real person’s machine, so you populate it with fake information that a malware creator might want to grab, like email addresses and passwords. For safety’s sake, you want to make sure any information on the system is just what you have put there – no email addresses or account information from Readme files or software documentation in browser history or any temporary files.

Once we got everything set up on a new goat machine, the last step before saving a snapshot was to go through and purge wayward non-test contact information from that system. It beggars belief where this information turns up, even on a clean install (an almost-untouched system). On a system that has been used for a while to create and swap files, to send and receive emails, and to make online purchases, there is a whole lot more interesting information to be found.

Attackers, being in it to make a buck, know this too. That was why we had to be so thorough in cleaning our goat systems before we could use them for analysis. Malware authors would find info in the darndest places, not stopping at just looking through documents or emails, or what was actively being typed. So it’s useful to be aware of what information is on your system so you can lock it up if need be.

Doing this manually is kind of a royal pain, which is why it’s cool that there are now products (like Identity Scrubber) that do the heavy lifting for you. Such a tool can sift through your machine for whatever information you want to be aware of, and then you can choose to scrub that data away or lock it in the vault so it’s not lying around in the open. You can repeat the process periodically to keep things tidy.
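As an added illustration of the kind of sweep described above (this is not Identity Scrubber’s code and not part of the original post), here is a small script that walks a directory tree, flags any file holding an email address, and ignores the test identities you deliberately seeded on the goat. The sample files and addresses it creates are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Simple email matcher; good enough to surface candidates for a human to review.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def find_stray_emails(root, allowed, max_bytes=1_000_000):
    """Walk `root` and return {relative_path: [addresses]} for every readable
    file that contains an email address not in `allowed`. `allowed` is the set
    of test identities intentionally placed on the goat machine."""
    allowed = {a.lower() for a in allowed}
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.stat().st_size > max_bytes:
            continue
        try:
            text = path.read_text(errors="ignore")  # binaries just yield junk
        except OSError:
            continue  # unreadable (permissions, special file): skip it
        stray = {m.lower() for m in EMAIL_RE.findall(text)} - allowed
        if stray:
            hits[path.relative_to(root).as_posix()] = sorted(stray)
    return hits


def build_sample_goat():
    """Constructed stand-in for a freshly imaged goat machine (not real data)."""
    root = tempfile.mkdtemp(prefix="goat_")
    files = {
        "Documents/contacts.txt": "Seeded test identity: victim@goat.example\n",
        "Apps/Tool/README.txt": "Report bugs to support@vendor.example.\n",
        "AppData/Temp/cache.tmp": "last-login user=victim@goat.example\n",
        "Pictures/logo.png": "\x89PNG\r\n\x1a\n not really an image\n",
    }
    for rel, body in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    return root


if __name__ == "__main__":
    goat = build_sample_goat()
    # Only the vendor address from the README is reported; the seeded one is fine.
    for f, addrs in find_stray_emails(goat, {"victim@goat.example"}).items():
        print(f"{f}: {', '.join(addrs)}")
```

Point it at a real profile directory (Documents, browser caches, temp folders) with your own seeded identities in `allowed` to see what a clean-looking image still carries.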

This technology on its own won’t protect you from bad guys skulking around the Internet, but it can go a long way to making your machine a less tempting target. Especially if you pair it with regular security software like anti-virus and a firewall, it can make your data that much harder to get than the next guy’s.