Jump to content

Cre8asiteforums

Discussing Web Design & Marketing Since 1998

  • Announcements

    • cre8pc

      Thank you! Cre8asiteforums 1998 - 2018   01/18/2018

      Internet Marketing Ninjas released many of the online forums they had acquired, such as WebmasterWorld, SEOChat, several DevShed properties and these forums back to their founders. You will notice a new user interface for Cre8asiteforums, the software was upgraded, and it was moved to a new server. Thank you for your support as we turn 20 years old.  
Sign in to follow this  
bobbb

Hackers Hijacked Ccleaner To Distribute Malware

Recommended Posts

http://www.businessinsider.com/avast-piriform-ccleaner-hijacked-trojan-malware-2017-9

 

The bug affects anyone who downloaded CCleaner version 5.33 or updated their version between August 15 and September 12. Talos is advising anyone who's worried to roll back their systems to a time before August 15, or reinstall them. They will also need to update to the latest version of CCleaner 5.34.

 

http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

 

This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates

 

I guess Nirvana would be hacking Microsoft update servers or Google itself

Edited by bobbb

Share this post


Link to post
Share on other sites

Made a joke above about Nirvana.

Well it seems they were trying for Nirvana.

http://www.techrepublic.com/article/ccleaner-hackers-attacked-microsoft-intel-cisco-and-other-tech-giants/

.... the attackers appear to have targeted several large tech companies, including Samsung, Sony, VMware, Intel, Microsoft, Akamai, and Cisco itself.

The server logs may have indicated that 20 machines across eight organizations received the 2nd stage payload.

....to the best of their knowledge, the 2nd stage payload was never delivered.

Share this post


Link to post
Share on other sites

It seems they did find some kind of Nirvana.

 

Microsoft's vulnerability database hacked in 2013, public kept in dark
https://www.techrepublic.com/article/microsofts-vulnerability-database-hacked-in-2013-public-kept-in-dark/

Former Microsoft employees detailed how Microsoft's internal bug database was breached, and how the firm responded.

To be fair, Microsoft could have been keeping the breach a secret in an effort not to alert potential attackers of its database full of vulnerabilities. ;)

Share this post


Link to post
Share on other sites

There is an open source alternative for those interested: BleachBit.

 

And that's supposed to make me feel better. Like Wordpress keeps me sleeping snugly at night.

Share this post


Link to post
Share on other sites

:)

Well, perhaps after you do a personal review and security audit of the open source code base, customise it to your personal Window cleaning requirements... You'll at least enjoy a good nights sleep !!!!

Share this post


Link to post
Share on other sites

I've often given thought to this open source thing. It's its greatest advantage as well as it's greatest disadvantage.

A lot of eyeballs can examine the code to see if there is "problems code" and a lot of eyeballs can examine the code to see if there are holes which can be exploited. In either case how many people can read code and see "what's happenin"?

From what I am reading, in stuff like the Kaspersky debate, they have computers examining source code to "see" if there is nefarious activity. Code examining code. Hmmm... does it also check for exploitable code?

 

Spy vs Spy vs Spy like in the old MAD magazine.

 

What? Me worry.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

×