anti-anti-virus

Costas

Administrator
Staff member
One malware family studied by SophosLabs in recent months has taken anti-anti-virus telemetry to a new level: Gatak.

When it runs, Gatak includes this information, and more besides, in its call-home data, packaged into an HTTP (web page) request:

- Creation time of C:\WINDOWS.
- Creation time of the Windows installer folder.
- Creation time of the Windows prefetch folder.
- Creation time of the Windows pagefile.
- The computer's and the current user's name.
- Creation time of the user's profile folder.

You may wonder what value this data has to the crooks behind the malware.

The answer is that this information acts something like a fingerprint for the computer that’s just been infected.

https://nakedsecurity.sophos.com/2016/05/09/notes-from-sophoslabs-the-anti-anti-virus-arms-race/