As to who is behind this attack and how they infected the official versions of CCleaner, Talos hasn't released anything yet, and Yung isn't providing any other details.
UPDATED Sept. 21: Further analysis of the malware injected into the CCleaner updater, and the malware's command-and-control servers, strongly indicates that the CCleaner hack was an attempt at industrial espionage.
If a machine was infected by CCleaner, a new Cisco report says, the command-and-control server would check whether the infected machine happened to be on the internal network of any one of the technology companies on a target list that included Google, Cisco, Samsung, Sony, Epson, D-Link, HTC, Linksys and others. The server would then deliver a "backdoor" to the infected machine for further exploitation.
No Chinese or Russian companies were on the target list."
3 comments:
I finally broke down and started paying for my antivirus in order to get a VPN connection. Good to have when traveling.
I should get a VPN. As for antivirus, I use the "free" Norton provided by my ISP as part of my paid package, but otherwise I wouldn't use anything "free to download" off the internet, ever. I've used CCleaner previously on others' machines, but usually only in a last-ditch effort to try and save data before doing a clean refresh of the OS. In the 00's, I didn't even use antivirus, because I thought it was just as bad a tax on the system as a virus, and the only time I got a virus that decade, I just reinstalled the OS and it was gone. It used to be hackers looked for efforts to protect devices as a signal the system was worth hacking, so I was just social engineering in reverse. Don't look like a mark, and you're not a mark. Today, systems are fast enough to attack everyone first, determine who you really are, and then like this hack, do specific exploitation later.
I use CCleaner sometimes, but now that I use Chrome, they won't clean it without checking a box. And if you check the box, it erases your entire Chrome history. Maybe the paid version wouldn't do that. Also have paid Malwarebytes.