Jump to content

Cre8asiteforums Internet Marketing
and Conversion Web Design


Photo

Hackers Hijacked Ccleaner To Distribute Malware

hack malware

  • Please log in to reply
6 replies to this topic

#1 bobbb

bobbb

    Sonic Boom Member

  • Hall Of Fame
  • 3,439 posts

Posted 18 September 2017 - 11:34 AM

http://www.businessi...-malware-2017-9

 

The bug affects anyone who downloaded CCleaner version 5.33 or updated their version between August 15 and September 12. Talos is advising anyone who's worried to roll back their systems to a time before August 15, or reinstall them. They will also need to update to the latest version of CCleaner 5.34.

 

http://blog.talosint...es-malware.html

 

This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates

 

I guess Nirvana would be hacking Microsoft update servers or Google itself


Edited by bobbb, 18 September 2017 - 12:47 PM.


#2 iamlost

iamlost

    The Wind Master

  • Site Administrators
  • 5,517 posts

Posted 20 September 2017 - 12:32 PM

There is an open source alternative for those interested: BleachBit.



#3 bobbb

bobbb

    Sonic Boom Member

  • Hall Of Fame
  • 3,439 posts

Posted 22 September 2017 - 09:46 AM

Made a joke above about Nirvana.

Well it seems they were trying for Nirvana.

http://www.techrepub...er-tech-giants/

 

.... the attackers appear to have targeted several large tech companies, including Samsung, Sony, VMware, Intel, Microsoft, Akamai, and Cisco itself.

The server logs may have indicated that 20 machines across eight organizations received the 2nd stage payload.

....to the best of their knowledge, the 2nd stage payload was never delivered.


#4 bobbb

bobbb

    Sonic Boom Member

  • Hall Of Fame
  • 3,439 posts

Posted 19 October 2017 - 10:43 AM

It seems they did find some kind of Nirvana.

 

Microsoft's vulnerability database hacked in 2013, public kept in dark
https://www.techrepu...c-kept-in-dark/
 

Former Microsoft employees detailed how Microsoft's internal bug database was breached, and how the firm responded.

To be fair, Microsoft could have been keeping the breach a secret in an effort not to alert potential attackers of its database full of vulnerabilities. ;)


#5 glyn

glyn

    Sonic Boom Member

  • Hall Of Fame
  • 3,301 posts

Posted 20 October 2017 - 02:25 AM

There is an open source alternative for those interested: BleachBit.

 

And that's supposed to make me feel better. Like Wordpress keeps me sleeping snugly at night.



#6 iamlost

iamlost

    The Wind Master

  • Site Administrators
  • 5,517 posts

Posted 20 October 2017 - 07:06 AM

:)
Well, perhaps after you do a personal review and security audit of the open source code base, customise it to your personal Window cleaning requirements... You'll at least enjoy a good nights sleep !!!!

#7 bobbb

bobbb

    Sonic Boom Member

  • Hall Of Fame
  • 3,439 posts

Posted 20 October 2017 - 10:55 AM

I've often given thought to this open source thing. It's its greatest advantage as well as it's greatest disadvantage.

A lot of eyeballs can examine the code to see if there is "problems code" and a lot of eyeballs can examine the code to see if there are holes which can be exploited. In either case how many people can read code and see "what's happenin"?

From what I am reading, in stuff like the Kaspersky debate, they have computers examining source code to "see" if there is nefarious activity. Code examining code. Hmmm... does it also check for exploitable code?

 

Spy vs Spy vs Spy like in the old MAD magazine.

 

What? Me worry.





RSS Feed


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users