
douglas9

(4,474 posts)
Thu Sep 21, 2017, 05:03 AM Sep 2017

CCleaner Malware second payload discovered (9.21.17)

A new report by Cisco's Talos Group suggests that the CCleaner hack was more sophisticated than initially thought. The researchers found evidence of a second payload during their analysis of the malware which targeted very specific groups based on domains.

On September 18, 2017 Piriform reported that the company's infrastructure distributed a malicious version of the file cleaning software CCleaner for about a month.

The company's infrastructure was compromised, and users who downloaded version 5.33 of CCleaner from the website or used automatic updates to install it, got the infected version on their system.

We talked about methods to identify if an infected version is installed on the system. Probably the best indicator, apart from checking CCleaner's version, is to check for the existence of Registry keys under HKLM\SOFTWARE\Piriform\Agomo.

https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/
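A defender-side check for the two indicators the quoted article names (the Agomo registry key and the affected 5.33 build), as an added PowerShell example that is not part of the forum post or the ghacks article. The executable paths are assumptions (the CCleaner default install locations); the WOW6432Node key is checked as well because a 32-bit installer on 64-bit Windows may have its registry writes redirected there, which the article does not mention.

```powershell
# Added example, not from the original post or article.
# Checks a Windows host for the CCleaner 5.33 indicators described above.

# Registry locations to inspect. The first is the key named in the article;
# the second covers 32-bit registry redirection on 64-bit Windows (assumption).
$agomoKeys = @(
    'HKLM:\SOFTWARE\Piriform\Agomo',
    'HKLM:\SOFTWARE\WOW6432Node\Piriform\Agomo'
)

# Default install paths (assumed; adjust if CCleaner was installed elsewhere).
$exePaths = @(
    'C:\Program Files\CCleaner\CCleaner.exe',
    'C:\Program Files (x86)\CCleaner\CCleaner.exe'
)

$findings = @()

# Indicator 1: presence of the Agomo registry key (and whatever values it holds).
foreach ($key in $agomoKeys) {
    if (Test-Path -Path $key) {
        $valueNames = (Get-Item -Path $key).GetValueNames()
        $findings += "Registry key present: $key (values: $($valueNames -join ', '))"
    }
}

# Indicator 2: the affected 5.33 build still on disk.
foreach ($exe in $exePaths) {
    if (Test-Path -Path $exe) {
        $version = (Get-Item -Path $exe).VersionInfo.ProductVersion
        if ($version -like '5.33*') {
            $findings += "Affected CCleaner build on disk: $exe (version $version)"
        } else {
            Write-Output "CCleaner found at $exe, version $version (not the 5.33 build)"
        }
    }
}

# Report. A hit on either indicator warrants treating the host as compromised
# rather than simply updating CCleaner, since the backdoor ran with the app.
if ($findings.Count -eq 0) {
    Write-Output 'No CCleaner 5.33 indicators found.'
} else {
    foreach ($f in $findings) { Write-Output "INDICATOR: $f" }
}
```

Run it from an elevated PowerShell prompt so HKLM and Program Files are readable; the registry check is the stronger signal, since a user who already updated to 5.34 or later will no longer have the 5.33 binary but the key left behind by the infected build can still be present.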


PDittie

(8,322 posts)
3. Fortunately I missed it
Thu Sep 21, 2017, 09:06 AM
Sep 2017

I was prompted to download v 5.33 and immediately prompted to do the same for 5.34. I have in fact just downloaded 5.35 this morning, within the past hour.

douglas9

(4,474 posts)
5. CCleaner Hack May Have Been A State-Sponsored Attack On 18 Major Tech Companies
Fri Sep 22, 2017, 08:18 AM
Sep 2017

At the beginning of this week, reports emerged that Avast, owner of the popular CCleaner software, had been hacked. Initial investigations by security researchers at Cisco Talos discovered that the intruder not only compromised Avast's servers, but managed to embed both a backdoor and "a multi-stage malware payload" that rode on top of the installation of CCleaner. That infected software -- traditionally designed to help scrub PCs of cookies and other tracking software and malware -- was subsequently distributed by Avast to 700,000 customers (initially, that number was thought to be 2.27 million).

And while that's all notably terrible, it appears initial reports dramatically under-stated both the scope and the damage done by the hack. Initially, news reports and statements by Avast insisted that the hackers weren't able to "do any harm" because the second, multi-stage malware payload was never effectively delivered. But subsequent reports by both Avast and Cisco Talos researchers indicate this payload was effectively delivered -- with the express goal of gaining access to the servers and networks of at least 18 technology giants, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself.

Cisco's researchers say they obtained a copy of the hackers' command-and-control server from an unnamed source. That server contained detailed logs of the 700,000 or so computers that had "phoned home" to the hackers earlier this month. Subsequent investigation has concluded that the hackers didn't really care about most of the infected customers, and that this may have been a sophisticated state-sponsored attack specifically designed to access and copy internal information and trade secrets from major tech firms:


https://www.techdirt.com/articles/20170921/11032238260/ccleaner-hack-may-have-been-state-sponsored-attack-18-major-tech-companies.shtml
