Sunday, October 1, 2017

"CCleaner Hacked With Data-Stealing Malware: What to Do Now"

"Fortunately, the impact of this affected [5.33] version of CCleaner may be mitigated by more than its lack of automatic updates. The Floxif malware appears to infect only 32-bit Windows systems, and most PCs sold in the last 5 years run 64-bit Windows.
As to who is behind this attack and how they infected the official versions of CCleaner, Talos hasn't released anything yet, and Yung isn't providing any other details.
UPDATED Sept. 21: Further analysis of the malware injected into the CCleaner updater, and the malware's command-and-control servers, strongly indicates that the CCleaner hack was an attempt at industrial espionage. 
If a machine was infected by CCleaner, a new Cisco report says, the command-and-control server would check whether the infected machine happened to be on the internal network of any one of the technology companies on a target list that included Google, Cisco, Samsung, Sony, Epson, D-Link, HTC, Linksys and others. The server would then deliver a "backdoor" to the infected machine for further exploitation.
No Chinese or Russian companies were on the target list."

3 comments:

deborah said...

I finally broke down and started paying for my antivirus in order to get a VPN connection. Good to have when traveling.

Leland said...

I should get a VPN. As for antivirus, I use the "free" Norton provided by my ISP as part of my paid package, but otherwise I wouldn't use anything "free to download" off the internet, ever. I've used CCleaner previously on others' machines, but usually only in a last-ditch effort to try and save data before doing a clean refresh of the OS. In the 00's, I didn't even use antivirus, because I thought it was just as bad a tax on the system as a virus, and the only time I got a virus that decade, I just reinstalled the OS and it was gone. It used to be hackers looked for efforts to protect devices as a signal the system was worth hacking, so I was just social engineering in reverse. Don't look like a mark, and you're not a mark. Today, systems are fast enough to attack everyone first, determine who you really are, and then like this hack, do specific exploitation later.

deborah said...

I use CCleaner sometimes, but now that I use Chrome, they won't clean it without checking a box. And if you check the box, it erases your entire Chrome history. Maybe the paid version wouldn't do that. Also have paid Malwarebytes.