Post Posted: Mon Sep 18, 2017 1:16 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm
Posts: 663
I've never used or installed CCleaner but if I'd updated or installed it between August 15th & September 12th I'd be reaching for a backup, or formatting and re-installing Windows...

Downloaded CCleaner lately? Oo, awks... it was stuffed with malware:
http://www.theregister.co.uk/2017/09/18 ... downloads/

CCleanup: A Vast Number of Machines at Risk:
http://blog.talosintelligence.com/2017/ ... e.html?m=1
[Note that some of the replies in the comments section at the end of the blog are by "Craig Williams", an author of the Talos blog and posted today... doesn't look good if you don't have a backup prior to August 15th.]

Quote:
Update 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affected


Introduction


Supply chain attacks are a very effective way to distribute malicious software into target organizations. This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer. This trust relationship is then abused to attack organizations and individuals and may be performed for a number of different reasons. The Nyetya worm that was released into the wild earlier in 2017 showed just how potent these types of attacks can be. Frequently, as with Nyetya, the initial infection vector can remain elusive for quite some time. Luckily with tools like AMP the additional visibility can usually help direct attention to the initial vector.

Talos recently observed a case where the download servers used by a software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size, we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.


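Added example (not part of the post above, and not Talos or Avast code): a quick PowerShell check for whether a machine currently has one of the builds this thread names as affected, CCleaner 5.33 or CCleaner Cloud 1.07.3191. Assumptions not taken from the page: the default install folder under Program Files, the file names CCleaner.exe / CCleaner64.exe, and that the version string reported by the binary starts with "5.33" or "1.07.3191". Two caveats worth keeping in mind: a "Valid" Authenticode result does not clear the file, because the Talos write-up says the backdoored 5.33 build was distributed as a legitimately signed binary; and this only tells you what is installed right now, so a machine that has since updated or uninstalled still falls under the restore-from-backup or reimage advice quoted later in the thread.

```powershell
# Added example: flag installed CCleaner builds that match the versions named in the thread.
# Assumed (not from the page): install paths, file names, and version-string format.
$affectedPrefixes = @('5.33', '1.07.3191')

$candidatePaths = @(
    "$env:ProgramFiles\CCleaner\CCleaner.exe",
    "$env:ProgramFiles\CCleaner\CCleaner64.exe",
    "${env:ProgramFiles(x86)}\CCleaner\CCleaner.exe"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Test-AffectedCCleaner {
    param([Parameter(Mandatory)][string]$Path)

    $info = (Get-Item -LiteralPath $Path).VersionInfo
    $sig  = Get-AuthenticodeSignature -FilePath $Path

    # Match on either version field; some products populate only one of them.
    $hit = $false
    foreach ($prefix in $affectedPrefixes) {
        if ($info.FileVersion -like "$prefix*" -or $info.ProductVersion -like "$prefix*") {
            $hit = $true
        }
    }

    [pscustomobject]@{
        Path           = $Path
        FileVersion    = $info.FileVersion
        ProductVersion = $info.ProductVersion
        Signer         = $sig.SignerCertificate.Subject
        # 'Valid' does NOT clear the file: the trojanised 5.33 build carried a valid signature.
        SignatureState = $sig.Status
        Affected       = $hit
    }
}

if (-not $candidatePaths) {
    Write-Output 'No CCleaner binary found in the default install locations.'
} else {
    $candidatePaths | ForEach-Object { Test-AffectedCCleaner -Path $_ } | Format-List
}
```

Run it from an ordinary PowerShell prompt on the machine in question; if Affected comes back True, or if the machine ran one of those builds at any point in the window the thread gives, treat the version check as a prompt to restore or reimage rather than as a clean-up step in itself.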
Post Posted: Mon Sep 18, 2017 1:34 pm
Moderator
Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1508
Location: Pembrokeshire, South Wales, UK
Thanks for the warning, Doddie. I'm sure there will be some here very grateful for the notice.

Like you, I've never used it on any of my machines. I was warned off the programme years ago when I got information via the Microsoft Newsgroups; I'm still friends with some of the people I met through them. :-)

_________________
Joan Archer
http://crossstitcher.webs.com


Post Posted: Mon Sep 18, 2017 1:35 pm
Resident Geekazoid Administrator
Joined: Wed Mar 21, 2012 5:09 am
Posts: 6560
Location: The state of confusion; I just use Wyoming for mail.
I think I had installed it once on Win 2000 or XP but not in years. The first article seems to state pretty strongly that the only fix needed would be to download the latest release, but I'm not all that sure that I would have trust in that.

_________________
Jaylach's Free Sites
I NEVER forget... I just remember late.


Post Posted: Mon Sep 18, 2017 1:47 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm
Posts: 663
jaylach wrote:
I think I had installed it once on Win 2000 or XP but not in years. The first article seems to state pretty strongly that the only fix needed would be to download the latest release, but I'm not all that sure that I would have trust in that.

I agree, I certainly would not trust that advice which is why I paid more attention to the second article... the first I posted merely for layman's terms about the seriousness, the second I hoped people would also read, paying particular attention to the comments of one of the authors in the comments section... he seems pretty clear that only a backup prior to August 15th or a format and re-install can guarantee any malware is removed.


Post Posted: Mon Sep 18, 2017 1:49 pm
Moderator
Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1508
Location: Pembrokeshire, South Wales, UK
jaylach wrote:
I think I had installed it once on Win 2000 or XP but not in years. The first article seems to state pretty strongly that the only fix needed would be to download the latest release, but I'm not all that sure that I would have trust in that.


I know I was told if you don't know how to remove things you've installed how can you expect a program to know the set up of your machine, or words to that effect. ;)

_________________
Joan Archer
http://crossstitcher.webs.com


Post Posted: Mon Sep 18, 2017 1:52 pm
Resident Geekazoid Administrator
Joined: Wed Mar 21, 2012 5:09 am
Posts: 6560
Location: The state of confusion; I just use Wyoming for mail.
I have often said similar Joan.

_________________
Jaylach's Free Sites
I NEVER forget... I just remember late.


Post Posted: Mon Sep 18, 2017 2:06 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm
Posts: 663
JoanA wrote:
...Microsoft Newsgroups...

When MS closed down their NNTP servers that for me was one of the darkest days in the history of Microsoft.
To this day I still cannot understand why they dummied down what was a fantastic resource that would surely be the envy of any, and every, platform today.

The hours I spent reading their newsgroups back in the days of 95/XP etc were unbelievable... being unemployed for a long period of time left me with little else to do and nearly everything I know today came from them :)

Trashing my PC foolishly running commands and batch files almost became a pastime trying to understand what many of the MVPs etc. posted back then... I can honestly say I never had more fun, nor did I ever learn more than I did back then!

I never posted to the MS newsgroups though because the level of knowledge was always WAY over my head and I always felt like a fish out of water, that said, I didn't need to because the level of 'knowledge seeking' that went on always meant someone else would ask what I was thinking.

Fond days indeed and whilst many of the old 'handles' have long since 'retired' it still puts a smile on my face when the existing ones cross my path... not that they have the slightest idea who the hell I am! :lol:


Post Posted: Mon Sep 18, 2017 2:23 pm
Moderator
Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1508
Location: Pembrokeshire, South Wales, UK
Yes I agree Doddie, it was a great time. What we called home towards the end was the WinME newsgroup and a few of the MVPs I made friends with there I'm still friends with and keep in touch.

_________________
Joan Archer
http://crossstitcher.webs.com


Post Posted: Mon Sep 18, 2017 2:47 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm
Posts: 663
JoanA wrote:
What we called home towards the end was the WinME newsgroup and a few of the MVPs I made friends with there I'm still friends with and keep in touch.

You'd need to have had a lot of friends to get you through the pain of WinME! LOL

Fwiw, I remember you well... mostly through defunct Forums but I do recall seeing you online occasionally in MS newsgroups... almost certainly not the ME newsgroups though because that OS was fraught with so many issues I avoided it like the plague! ;)


Post Posted: Tue Sep 19, 2017 11:32 am
Moderator
Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1508
Location: Pembrokeshire, South Wales, UK
Doddie wrote:
JoanA wrote:
What we called home towards the end was the WinME newsgroup and a few of the MVPs I made friends with there I'm still friends with and keep in touch.

You'd need to have had a lot of friends to get you through the pain of WinME! LOL

Fwiw, I remember you well... mostly through defunct Forums but I do recall seeing you online occasionally in MS newsgroups... almost certainly not the ME newsgroups though because that OS was fraught with so many issues I avoided it like the plague! ;)


:rofl2: And here's me who never had any problems with it. I started with 98 First Edition, WinME, XP, Vista, 7, 8 and now 10.

I belong to several forums but just don't have the time to visit them all. I just can't seem to skim over threads: if I enter one I have to read every single post in it, and if an interesting post has a link of interest I get sidetracked and the time just disappears. I do still have to feed hubby and do some housework. :lol:

_________________
Joan Archer
http://crossstitcher.webs.com


Post Posted: Tue Sep 19, 2017 11:36 am
Fearless Leader
Joined: Wed Mar 21, 2012 5:42 am
Posts: 2823
I had no problems with WinME either, Joan. I began with Windows 3.1. I also made some long term friends, in my case from the Windows 98 Beta days. We stayed hooked up and began a weekly online chat, which we still do to this day. To say nothing of all the great friends I've made through Computer Haven. :)

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Post Posted: Tue Sep 19, 2017 11:57 am
Moderator
Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1508
Location: Pembrokeshire, South Wales, UK
I didn't go back that far with a computer; the first time I touched one was the one with 98 in September 1998. We decided it was time to get one to help the children as they were starting to use them in school. Of course, this was the children of my second marriage; the ones from my first marriage didn't have such things as computers in school or out of it. :-)

We had some good discussions around those newsgroups and it's where I was introduced to forums, especially when Microsoft decided to close theirs down. Just wish I could remember all the things I learned there, I've forgotten more than I can remember. :-(

_________________
Joan Archer
http://crossstitcher.webs.com


Post Posted: Wed Sep 20, 2017 2:33 pm
Fearless Leader
Joined: Wed Mar 21, 2012 5:42 am
Posts: 2823
Joan, you might be surprised by how much you remember. It's just that you haven't had need for certain data for a long time, but it is still there. I am constantly amazed by things I remember that seemed to come out of nowhere. Some question will come up, or something that reminds me of an old tech fact, and it may take a few moments, but the data will pop up and I'll think, "How the heck did I remember that?!"

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Post Posted: Thu Sep 21, 2017 6:26 am
Moderator
Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1508
Location: Pembrokeshire, South Wales, UK
Oh I know what you mean Patty, I can't even remember growing up but at odd times something will pop into my brain.

Got to try and remember things this morning though as the Internet seems to be having problems with different servers, mainly finding the Microsoft ones. Hopefully I'll be back later fully operational.

_________________
Joan Archer
http://crossstitcher.webs.com


Post Posted: Thu Sep 21, 2017 3:15 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm
Posts: 663
Updated info (a bit technical but interesting imo):
http://blog.talosintelligence.com/2017/ ... n.html?m=1

Worth noting that the advice about how to ensure the malware is removed if you downloaded/updated the corrupted version of CCleaner is now worded more strongly...

Quote:
These new findings raise our level of concern about these events, as elements of our research point towards a possible unknown, sophisticated actor. These findings also support and reinforce our previous recommendation that those impacted by this supply chain attack should not simply remove the affected version of CCleaner or update to the latest version, but should restore from backups or reimage systems to ensure that they completely remove not only the backdoored version of CCleaner but also any other malware that may be resident on the system.

"reimage", I assume, means format and reinstall Windows.

