CCleaner hacked.

Discussion in 'Press Releases/Announcements' started by jigwashere, Sep 18, 2017.

  1. jigwashere

    jigwashere Life is a circus!

    raspabalsa, r0k, lelisa13p and 2 others like this.
  2. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    scjjtt, r0k, lelisa13p and 1 other person like this.
  3. lelisa13p

    lelisa13p Your Super Moderator Super Moderator

    Thread relocation complete.
     
    r0k, RickAgresta and jigwashere like this.
  4. jigwashere

    jigwashere Life is a circus!

    scjjtt and r0k like this.
  5. z22 2006 User

    z22 2006 User BHOT's Own Fluffy

    For once not updating CCleaner paid off, eheh..
     
  6. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Nothing funny about it sadly. This place is forgotten, or should I say dead... Once in a great while, an admin of TechTarget might have a sudden awakening and remember this site and forum exist. It has been months since their last visit or contribution. The last 'Headline News' from them was in Feb/March? Who is paying the light bill? Pathetic.
     
    scjjtt, jigwashere and RickAgresta like this.
  7. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Please keep in mind, hc, that [image: 2017-09-18 17.31.59-1.jpg] doesn't necessarily mean I'm happily agreeing…sadly, yes…*sigh*
     
    headcronie, scjjtt and jigwashere like this.
  8. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    and now, this.....

    the story gets worse, folks:

    CCleaner malware outbreak is much worse than it first appeared
    Microsoft, Cisco, and VMWare among those infected with additional mystery payload.

    The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence. That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload.

    Previously, researchers found no evidence that any of the computers infected by the booby-trapped version of the widely used CCleaner utility had received a second-stage payload the backdoor was capable of delivering. The new evidence—culled from data left on a command-and-control server during the last four days attackers operated it—shows otherwise. Of 700,000 infected PCs, 20 of them, belonging to highly targeted companies, received the second stage, according to an analysis published Wednesday by Cisco Systems' Talos Group.
    Because the CCleaner backdoor was active for 31 days, the total number of infected computers is "likely at least in the order of hundreds," researchers from Avast, the antivirus company that acquired CCleaner in July, said in their own analysis published Thursday.

    From September 12 to September 16, the highly advanced second stage was reserved for computers inside 20 companies or Web properties, including Cisco, Microsoft, Gmail, VMware, Akamai, Sony, and Samsung. The 20 computers that installed the payload were from eight of those targeted organizations, Avast said, without identifying which ones. Again, because the data covers only a small fraction of the time the backdoor was active, both Avast and Talos believe the true number of targets and victims was much bigger.

    More fileless malware
    The second stage appears to use a completely different control network. The complex code is heavily obfuscated and uses anti-debugging and anti-emulation tricks to conceal its inner workings. Craig Williams, a senior technology leader and global outreach manager at Talos, said the code contains a "fileless" third stage that's injected into computer memory without ever being written to disk, a feature that further makes analysis difficult. Researchers are in the process of reverse engineering the payload to understand precisely what it does on infected networks.

    "When you look at this software package, it's very well developed," Williams told Ars. "This is someone who spent a lot of money with a lot of developers perfecting it. It's clear that whoever made this has used it before and is likely going to use it again."

    Link to Ars Technica story:
    https://arstechnica.com/information...utbreak-is-much-worse-than-it-first-appeared/
     
  9. jigwashere

    jigwashere Life is a circus!

    Great.

    Sent from my Nexus 6 using Tapatalk
     
    lelisa13p and headcronie like this.
  10. lelisa13p

    lelisa13p Your Super Moderator Super Moderator

    Ditto. WTF does this mean to us regular people who haven't used it?
     
    jigwashere, raspabalsa, Hook and 2 others like this.
