posted by cmn32480 on Monday September 18 2017, @09:36PM   Printer-friendly
from the oops dept.

The popular CCleaner program was hacked for almost a month, with the compromised version including malware that could download and install other programs.

Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago.

Floxif is a malware downloader that gathers information about infected systems and sends it back to its C&C server. The malware also had the ability to download and run other binaries, but at the time of writing, there is no evidence that Floxif downloaded additional second-stage payloads on infected hosts.

The malware collected information such as the computer name, a list of installed software, a list of running processes, the MAC addresses of the first three network interfaces, and unique IDs identifying each individual computer. Researchers noted that the malware only ran on 32-bit systems. The malware also quit execution if the user was not using an administrator account.

Clean versions have now been released; if you installed a new version in August or September, you should probably download and install a newer version.

Also submitted via IRC for SoyCow1937

Source: http://www.securityweek.com/millions-download-maliciously-modified-pc-utility [securityweek.com]


Original Submission

 
  • (Score: 2) by edIII on Monday September 18 2017, @09:50PM (7 children)

    by edIII (791) on Monday September 18 2017, @09:50PM (#569944)

    On Ubuntu with BitCleaner, but man do I know a lot of people with CCleaner. Probably because I installed the damn thing...

    --
    Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 4, Interesting) by RS3 on Monday September 18 2017, @11:33PM (6 children)

    by RS3 (6367) on Monday September 18 2017, @11:33PM (#569968)

    Same here, and frustratingly none of my scanners caught it, including MS's and McAfee Stinger and Real Protect. Real Protect has caught stuff before - awesome philosophy - just watches for attempts to write to critical Windows files.

    Bugs me - these malware articles come up all the time, but you rarely find exact specifics on how to find and remove the bug.

    I uploaded ccsetup533.exe to virustotal and maybe 3/5 of them detect it.

    Wouldn't it be awesome if all anti-virus companies collaborated on 1 product...

    • (Score: 3, Insightful) by drussell on Tuesday September 19 2017, @12:25AM (5 children)

      by drussell (2678) on Tuesday September 19 2017, @12:25AM (#569981) Journal

      Wouldn't it be awesome if all anti-virus companies collaborated on 1 product...

      HELL, NO!!!!

      Are you insane?! :)

      • (Score: 2) by RS3 on Tuesday September 19 2017, @01:33AM (4 children)

        by RS3 (6367) on Tuesday September 19 2017, @01:33AM (#570003)

        Possibly. Care to explain, or just bash others?

        • (Score: 0) by Anonymous Coward on Tuesday September 19 2017, @04:43AM

          by Anonymous Coward on Tuesday September 19 2017, @04:43AM (#570068)

          1 possible explanation: Venn diagram [google.com]

          ...and a whole nuther way to go WRT exploits: An OS that doesn't have The Windoze Registry and which has always had proper file permissions.
          I like Linux, but there are others.

          ...and trying to "fix" an OS that you suspect has been compromised seems pretty crazy to me.
          If you think something is afoot, pave over it with a proper install|restoration.
          ...but then, again, I'm not a Windoze user any more.

          -- OriginalOwner_ [soylentnews.org]

        • (Score: 3, Informative) by anubi on Tuesday September 19 2017, @05:05AM (2 children)

          by anubi (2828) on Tuesday September 19 2017, @05:05AM (#570074) Journal

          I think what drussel is emphasizing is the strength of second, third, fourth, and so on ... opinions. If they all merged, it would be way too easy to buy them off or slip detection.

          (I still think Kaspersky failing to hide some of our TLA snoops is why our own government is so pissed at them. Kaspersky seems to signal they are more beholden to the rest of the world than to the USA.)

          The Government wants to mandate DRM for us, all sorts of copyright law, electronic locks, and whatnot. However, if Kaspersky dishes the same shit to them, they don't take it gracefully do they? By golly, they suddenly have the very same concerns the rest of us have!

          I go to VirusTotal [virustotal.com] all the time to have them vet something I intend to run.

          Fun Fact, Fun Fact, Fun Fact : Did you know you can take the MD5 hash of your file under study and present it to VirusTotal in the search window? VirusTotal will identify the file if it has seen it and tell you what it thinks it is, and tell you which engines have found fault with it.

          Here's a link to the MD5 digester I use. [winmd5.com]

          For example, below is the MD5 string my digester calculated for one of my programs: ComboFix.exe. Cut and paste it into VirusTotal to see for yourself.

          406b710bfa1db3cf614d3ba0d8032b52

          You will see four of VirusTotal's engines found something suspicious about it. The rest said it was OK.

          It's that diversity of having many factions looking at it that drussel is so concerned about. For what it's worth, so am I.

          I do not know if it runs under Win10. I run win7.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
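The hash-lookup workflow anubi describes above, and the question the story raises of whether a downloaded ccsetup533.exe is the trojaned build, both reduce to the same defender check: digest the file, compare against published indicators, and hand anything unknown to a multi-engine scanner. The script below is an added example written for this discussion; it is not code from SoylentNews, Piriform, Cisco Talos or VirusTotal. The indicator digests in `KNOWN_BAD` are placeholders (the page does not give the real Floxif hashes), and the VirusTotal search URL form is an assumption about the current web UI, not a documented API.

```python
"""Hash-based triage of installer files against a list of known-bad digests,
with a VirusTotal lookup URL for anything that needs a second opinion.
Added example; not code from SoylentNews, Piriform, Cisco Talos or VirusTotal."""
import hashlib
import tempfile
from pathlib import Path

# Placeholder indicator list keyed by algorithm, lowercase hex digests.
# These are NOT the real CCleaner 5.33 / Floxif hashes; replace them with
# digests taken from a trusted advisory before using this for real triage.
KNOWN_BAD = {
    "md5": {"00000000000000000000000000000000"},   # placeholder
    "sha256": {"0" * 64},                           # placeholder
}


def digest_bytes(data, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest} for an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def digest_file(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for a file, streamed in chunks so a
    large installer never has to be held in memory at once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def virustotal_search_url(hexdigest):
    """Build a search URL for VirusTotal's web UI, which accepts a bare
    MD5/SHA-1/SHA-256 in its search box (assumed URL layout, not an API)."""
    return f"https://www.virustotal.com/gui/search/{hexdigest.lower()}"


def triage(digests, known_bad=KNOWN_BAD):
    """'known_bad' if any digest matches the indicator list for its
    algorithm, otherwise 'unknown' (needs a multi-engine second opinion)."""
    for algo, value in digests.items():
        if value.lower() in known_bad.get(algo, set()):
            return "known_bad"
    return "unknown"


def scan_directory(root, pattern="*.exe", known_bad=KNOWN_BAD):
    """Hash every file matching pattern under root; return a list of
    (path, verdict, md5, sha256, vt_url) tuples sorted by path."""
    results = []
    for path in sorted(Path(root).rglob(pattern)):
        d = digest_file(path)
        results.append((str(path), triage(d, known_bad), d["md5"],
                        d["sha256"], virustotal_search_url(d["sha256"])))
    return results


def demo_scan(payload=b"abc"):
    """Constructed demo: write a tiny fake installer into a temporary
    directory and scan it. The file content is made up, not a real binary."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp) / "ccsetup533.exe"   # name only; contents are fake
        fake.write_bytes(payload)
        return scan_directory(tmp)


if __name__ == "__main__":
    for path, verdict, md5, sha256, url in demo_scan():
        print(f"{verdict:10} {md5}  {sha256}\n  {path}\n  {url}")
```

Point `scan_directory` at a download folder or `Program Files` to get a verdict per executable; an `unknown` verdict only means the file is not on your indicator list, which is exactly the case a service like VirusTotal is for. Keeping both MD5 and SHA-256 matters in practice because advisories publish one or the other, and MD5 alone should not be trusted as the sole identity of a binary.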
          • (Score: 2) by RS3 on Tuesday September 19 2017, @06:26AM

            by RS3 (6367) on Tuesday September 19 2017, @06:26AM (#570088)

            Thank you! Yes, I've used VirusTotal for years. Their website does the MD5 hash for you now. You can still upload the file if you really need to. I also use Jotti- another similar online scanner. It just bugs me that there are so many scanners and none agree. How can anyone ever be safe!

            I like and use McAfee Real Protect. I highly recommend it. Much better concept, no virus signature files, updates, etc. needed. It has caught several attacks- I've been experimenting trying to get full control of an Android phone. So much info and so many utilities...

          • (Score: 3, Informative) by kazzie on Tuesday September 19 2017, @07:59PM

            by kazzie (5309) Subscriber Badge on Tuesday September 19 2017, @07:59PM (#570329)

            Piriform's "come clean" security notification [piriform.com] describes the malware as targeting "32-bit Windows systems".