Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Monday September 18 2017, @09:36PM   Printer-friendly
from the oops dept.

The popular CCleaner program was hacked for almost a month, with the compromised version including malware that could download and install other programs.

Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago.

Floxif is a malware downloader that gathers information about infected systems and sends it back to its C&C server. The malware also had the ability to download and run other binaries, but at the time of writing, there is no evidence that Floxif downloaded additional second-stage payloads on infected hosts.

The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems. The malware also quit execution if the user was not using an administrator account.

Clean versions have now be released; if you installed a new version in August or September, you should probably download and install a newer version.

Also submitted via IRC for SoyCow1937

Source: http://www.securityweek.com/millions-download-maliciously-modified-pc-utility [securityweek.com]


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday September 19 2017, @09:06PM

    by Anonymous Coward on Tuesday September 19 2017, @09:06PM (#570360)

    Not buying it for a second.
    Blocking scripts/Java by default at the browser level is the only precaution I have continued to take since I started using Linux.
    Never had a problem.

    The "Which anti-whatever should I use" question comes up routinely at the Linux Mint forum.
    Those threads will have a bunch of folks who note how long they've been using Linux, noting that they simply do their OS updates, and how they too have never had any security-related problems.

    I used to read comp.os.linux.advocacy regularly.
    Periodically, Homer would post an updated list of the most-downloaded apps for Windoze and for Linux.

    The Windoze list was nearly completely "security" apps.

    There wasn't even 1 of those on the Linux list; that always consisted entirely of productivity apps.

    -- OriginalOwner_ [soylentnews.org]