How could an unscrupulous company benefit from knowing my hard drive serial number?

4

I have recently run into some malware on my computer that has gathered up my computer's make and hard drive make and serial number, along with probably many other things.

The malware installed itself along with, I believe, an application called WINZIPPER that replaced WinRAR. Its installation did the obvious things of changing the start-up page in all of my (common) browsers, and initially ran an executable from a temp folder, though this was once only. It then added its URL to the startup shortcuts for all of my common browsers, including a query string containing all of that information.

Upon starting any of the browsers, it would add this URL:

www.delta-homes.com/?type=<MyComputer'sMake>&ts=<ASerialNumber>&z=<AnotherLongRandomAlphanumericSerialNumber>&from=wpm<Number>&uid=<HardDriveMake+Serial>

From a whois search, the delta-homes.com domain is registered by

Beijing ELEX Technology Co., Ltd.

who appears to be a games maker in China.

Removing all of the above and all references to that URL in the registry, I believe I have found all the points of infection. Though I think one of these web requests was successfully sent, so partly I offer this information as a searchable reference for the common good, and partially to ask what further danger or vulnerability do I have now that information has been stolen.

  1. If this is a known infection, have I found all of the infection points?
  2. With the damage done, what further risk am I now at?

J Collins

Posted 2015-05-28T12:17:43.263

Reputation: 412

2

The serial of your HDD is a way to identify you. Since no other HDD of the same model will have the serial number, combined with other information, it can be used as a GUID. We can't possibly know if you have removed all the infection points. Consider just removing that from your question. Even the second question "what benefit" comes from having this information we can only speculate. – Ramhound – 2015-05-28T12:23:27.647

@Ramhound I did wonder about that, though I was hoping this was a relatively standard infection where all of the infection points were known already. On the second question, your answer could be cast as, 'they benefit from identifying you', but I know what you mean. Maybe I could just rephrase it. – J Collins – 2015-05-28T12:34:32.460

If you have any doubt, nuke from orbit. – Ramhound – 2015-05-28T12:43:48.203

Looks like MBAM can get you most of the way. http://malwaretips.com/blogs/delta-homes-removal/ – Austin T French – 2015-05-28T13:07:25.797

It's just a unique identifier, like your fingerprints. – Moab – 2015-05-29T02:17:19.067

Answers

0

Ad companies make the most money when they can show you ads that are relevant to you and that you're more likely to click. Therefore, there's a big incentive for such companies - both legitimate and shady - to keep track of your habits so they know what to show.

As mentioned in the comments, the hard drive serial number and brand together are a great way to uniquely identify a machine. Drive manufacturers - for purposes of warranty management - do their best to avoid SN duplication. The information would persist across OS reinstalls (useful to them if you got re-infected). It's also not particularly easy to change or fake, unlike computer name or IP address.

So yes, it's a type of fingerprinting. As for whether you fully removed it, who knows. Once bad things run on your computer, it's not your computer any more. The safest bet would be to re-install, but if it's really only just adware, MalwareBytes should take care of it. The only bad thing that the company could do with the SN is give it to other shady companies, but again, there's no security risk there other than unique identification.

Ben N

Posted 2015-05-28T12:17:43.263

Reputation: 32 973
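To check for the shortcut change described in the question (a URL appended to browser shortcuts), the following added example, which is not part of the original posts, lists every `.lnk` file whose arguments contain a URL and also reads the Internet Explorer start page from the registry. The folder list and the URL pattern are assumptions chosen for illustration; the domain is the one named in the question.

```powershell
# Added example: audit shortcuts for URLs appended to the launch arguments.
# Assumption: these folders cover the usual desktop, Start Menu and pinned-taskbar locations.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

# Domain reported in the question; any other URL in a browser shortcut still deserves review.
$reportedDomain = 'delta-homes.com'

# Assumption: a URL is anything starting with http://, https:// or www.
$urlPattern = '(?i)\b(https?://|www\.)\S+'

$shell = New-Object -ComObject WScript.Shell

$findings = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # CreateShortcut opens an existing .lnk for reading when the file already exists.
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.Arguments -match $urlPattern) {
            [pscustomobject]@{
                Shortcut              = $_.FullName
                Target                = $lnk.TargetPath
                Arguments             = $lnk.Arguments
                Url                   = $Matches[0]
                MatchesReportedDomain = $lnk.Arguments -like "*$reportedDomain*"
            }
        }
    }

$findings | Format-List

# The question also mentions changed start pages; this reads the Internet Explorer one.
$ieMain = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ieMain) {
    [pscustomobject]@{
        IEStartPage           = $ieMain.'Start Page'
        MatchesReportedDomain = $ieMain.'Start Page' -like "*$reportedDomain*"
    } | Format-List
}
```

Some legitimate shortcuts (for example, web-app launchers) carry a URL in their arguments, so each hit needs a manual look rather than automatic deletion. Other browsers keep their start page in their own profile settings, which this script does not read.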