A technician injected malware into my computer without my knowledge

So this fixer that I asked to fix my busted front audio ports injected my PC with KMS-R@in in order to get rid of the Activate Windows watermark without my consent/knowledge, and it gave me Floxif.E and Floxif.H. He also updated the drivers to fix the back ports, which wasn’t even what I asked him for. Is there any legal action I can take to make him take responsibility?

By the way, his store’s affiliated with/backed by ASUS.

Should the Anti Virus and Anti Malware layer be the first layer in a web application stack, or can it sit behind services?

Can you have the Anti Virus and Anti Malware layer sitting deep with the microservice layer and have the malicious file flow through all the services? The argument being that the file is in memory and not getting processed until the service we will put the Anti Virus and Anti Malware layer on.

Shouldn’t this be stopped at the routing layer of the application?

How to test a peripheral for malware and more?

My concerns here are of devices like the Rubber Ducky, Bash Bunny, malware-infected USBs and other software-related risks. This does NOT cover hardware risks like the USB Killer.

I currently don’t have a separate computer I can plug things into and let them run wild. I only have an Ubuntu machine that can run VMs like on VirtualBox. I may come across a stray USB and get curious and I’d like to check what’s in that USB. Let’s assume plugging it in won’t physically damage my PC like the USB Killer would.

How can I safely plug in the peripheral (most likely a USB but it can be anything like an audio jack or Ethernet port) to test it? How can I extract the contents of the device without damaging my machine? (I’d prefer to do all this without having to take the device apart)

Can I surf the internet with a Virtual Machine not trying to malware test but may run into some

For this project I want to access software using a VM that may contain malware, but I won’t be trying to malware test. I understand that malware can breach, but are there any precautions to use the internet and not have the malware come back into my host machine and host network?

Is a VPN and Virtual Machine secure enough for running programs that might include malware

I am trying to start a LEGAL business online but don’t want viruses from any sketchy software that I will be downloading. I will be using a VM and a VPN but was wondering if I needed any other software so my computer, network etc will not be affected. I understand not to have shared files on and all that but still don’t know for sure because some people say some malware can get through Virtual Machines. Thank you for reading and please reply if you can provide any assistance.

Is there an alternative to using hashing to identify malware?

I’m reading a SANS paper on IOCs (indicators of compromise) in malware forensics and I came across this interesting obstacle:

polymorphic and metamorphic codes (Paxson, 2011) result in multiple hash identities for the same class of malware

Now I understand that the purpose of IOCs and frameworks (such as OpenIOC) is to account for this flaw in using hashing as a way of identification. But I’m trying to dig in a little deeper into the way we use hashing, and perhaps create a solution. Unless there’s already a solution, in which case that’d be the answer to this question.

Is there an alternative to using hashing to identify malware?

My idea is to create a way to hash something that expresses the level of difference between the two, maybe call this a “measured hash,” where the first, middle, or last portion of a hash of length x shows the same values for binaries with the same values. Maybe, by definition, what I’m describing is no longer a hash, but it’d still be a program or function that takes a binary and outputs a fixed-length representation of that binary for identification purposes. Then if only one small element of the binary is different, we’d be looking at a hash that is very similar to the hash of the original.

Using a SHA-1 hash as an example, CA422BBF6E52040FF0580F7C209F399897020A7A is the result of hashing this sentence:

I’m stealing all your files using this binary but then I’ll recompile another binary after adding or subtracting a few blocks of code

Now if I change the last three words of this sentence I get: F5BB055C7F7E76275C6F0528D2ACD6F288CE7496

Which is no surprise for anyone who knows hashing 101. My proposal is to use a mechanism that gets me something like this for the before CA422BBF6E52040FF0580F7C209F399897020A7A and this for the after: CA422BBF6E52040FF0580F7C209F399897029B10 because, after all, only three words were deleted and replaced by a single word.

What I’m NOT looking for in an answer, is a list of artifacts or frameworks that are already being used to identify malware. What I would like to know is if such a tool already exists or if my idea is preposterous and wouldn’t be of value to forensic investigators looking to share the intelligence of their research.
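The "measured hash" the question describes is what the literature calls a similarity digest or fuzzy hash, and tools of that kind do exist: ssdeep (context-triggered piecewise hashing), sdhash and TLSH are the ones analysts most often exchange alongside plain SHA-256 values. The following is an added example, not code from the question or from any of those projects: a small SimHash over overlapping byte 4-grams, which produces a fixed-length 64-bit fingerprint whose Hamming distance to another fingerprint tracks how much the two inputs overlap. The sample inputs are constructed from the sentence in the question; the thresholds and the BITS/NGRAM parameters are assumptions for illustration, not values from the page.

```python
"""SimHash-style similarity digest (added example, not the question's or any tool's own code).

A cryptographic hash such as SHA-1 changes completely on a one-byte edit; a SimHash
changes only a few bits, so the Hamming distance between two digests measures overlap.
"""
import hashlib

BITS = 64    # fingerprint width (assumption: 64 bits keeps the digest 16 hex chars)
NGRAM = 4    # shingle length in bytes (assumption: 4 works for short text samples)


def features(data: bytes, n: int = NGRAM) -> set:
    """Return the set of overlapping byte n-grams; similarity is measured over this set."""
    if len(data) <= n:
        return {data}
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def feature_hash(feature: bytes) -> int:
    """64-bit hash of one shingle (blake2b with an 8-byte digest, standard library only)."""
    return int.from_bytes(hashlib.blake2b(feature, digest_size=8).digest(), "big")


def simhash(data: bytes) -> int:
    """Charikar SimHash: output bit i is the majority vote of bit i across all feature hashes."""
    votes = [0] * BITS
    for feat in features(data):
        h = feature_hash(feat)
        for i in range(BITS):
            votes[i] += 1 if (h >> i) & 1 else -1
    fingerprint = 0
    for i, v in enumerate(votes):
        if v > 0:
            fingerprint |= 1 << i
    return fingerprint


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two fingerprints (0 = identical, 64 = opposite)."""
    return bin(a ^ b).count("1")


def to_hex(fingerprint: int) -> str:
    """Fixed-length textual form, comparable in spirit to a hex SHA-1 but similarity-preserving."""
    return f"{fingerprint:0{BITS // 4}x}"


# Constructed sample inputs: the sentence from the question, a copy with the last three
# words replaced by one word, and an unrelated sentence of similar length.
ORIGINAL = (b"I'm stealing all your files using this binary but then I'll recompile "
            b"another binary after adding or subtracting a few blocks of code")
MODIFIED = (b"I'm stealing all your files using this binary but then I'll recompile "
            b"another binary after adding or subtracting a few functions")
UNRELATED = (b"The quick brown fox jumps over the lazy dog while the cat sleeps "
             b"in the afternoon sun and the birds sing in the trees")


def compare() -> dict:
    """Hamming distances for the three sample pairs, plus the SHA-1 digests for contrast."""
    fp_orig, fp_mod, fp_unrel = simhash(ORIGINAL), simhash(MODIFIED), simhash(UNRELATED)
    return {
        "self": hamming(fp_orig, fp_orig),            # identical input -> distance 0
        "edited": hamming(fp_orig, fp_mod),           # small edit -> small distance
        "unrelated": hamming(fp_orig, fp_unrel),      # unrelated -> roughly half the bits differ
        "simhash_original": to_hex(fp_orig),
        "simhash_modified": to_hex(fp_mod),
        "sha1_original": hashlib.sha1(ORIGINAL).hexdigest(),
        "sha1_modified": hashlib.sha1(MODIFIED).hexdigest(),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:18} {value}")
```

Two caveats matter for the forensic use the question has in mind. First, a similarity digest is only as good as its features: byte n-grams over a packed or encrypted binary share almost nothing with the unpacked original, so polymorphic families are usually compared on unpacked code, imports or control-flow features rather than raw bytes. Second, because similar inputs collide by design, such a digest cannot replace a cryptographic hash as an integrity check or a unique identifier; in practice an IoC record carries both, the exact SHA-256 for matching and the fuzzy hash for clustering.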