Someone who should have known better (and who is not me) got Koobface installed onto my machine yesterday. I’ve taken care of it. But in the meanwhile, what are the chances any of my personal info got sent out to some bad guy? Does the worm routinely succeed at this, or only sometimes?
Info that’s probably stored on my computer may include my bank account login info as well as one of my credit card numbers. Neither of those autofills anywhere online that I know of, but who knows, maybe it’s stored in some old cookie somehwere.
Mother-in-Law did type in a bank account number and other information during the course of the 24 hours. Does Koobface do keylogging?
-Kris
Seems safest to just contact your bank/etc. and get things changed to new info, either way.
Mmmmmm… Seems like a lot of trouble for what may be a tiny risk. That’s why I’m asking what the risk level is.
And even if info got sent out, to my knowledge there’s still only a tiny risk, since credit card companies will reimburse unauthorized charges and since banks will usually do so too. (And mine, a credit union, is in the habit of being very customer-oriented about things that banks aren’t necessarily customer oriented about.)
Truthfully, I only asked the question in the OP because dearest mother in law is freaking out.
First off, cookies wont hold credit card information nor will your cache. Vendors are careful not to leave this information laying around, especially in non-encrypted form.
Koobface downloads other trojans and installs them, so its really unknown exactly what happens. I would assume that everything was keylogged and all files have been sent to the attackers. That means canceling credit cards if you had a plaintext file with your credit card info and changing any passwords you’ve typed in during that period.
Use encryption on important data files and run windows as a limited user in the future to be immune to this kind of stuff.
I don’t know what this means. Why would I have any file with CC info, much less a plaintext one? And what does having a file have to do with keylogging?
ETA: I understand now–I missed your phrase “and all files have been sent to the attackers.”
Also, about running limited user accounts, I had the impression that in Vista, even “administrator” accounts are basically limited user accounts, and that to really do admin stuff you have to explicitly right click on files and select “run as administrator.” Is that true or not?
A related question: In a Vista limited user account, is there anything I can’t do that I could have done in a Vista administrator account? I suspect not, because the “run as admin” option is available in both accounts, I just need an admin password from the former and not from the latter. Moreover, I doubt anything that can be done from an admin account that can’t from a limited account in Vista needs to be done very often, but I don’t know that for sure because I don’t know exactly what you can do in an admin account that you can’t from a limited account.