Doddie
Posted: Mon Sep 18, 2017 1:16 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1737 Location: Dunedin, Alba.
I've never used or installed CCleaner, but if I'd updated or installed it between August 15th & September 12th I'd be reaching for a backup, or formatting and re-installing Windows...

Downloaded CCleaner lately? Oo, awks... it was stuffed with malware: http://www.theregister.co.uk/2017/09/18 ... downloads/

CCleanup: A Vast Number of Machines at Risk: http://blog.talosintelligence.com/2017/ ... e.html?m=1

[Note that some of the replies in the comments section at the end of the blog are by "Craig Williams", an author of the Talos blog, and posted today... doesn't look good if you don't have a backup prior to August 15th.]

Quote: Update 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affected

Introduction
Supply chain attacks are a very effective way to distribute malicious software into target organizations. This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer. This trust relationship is then abused to attack organizations and individuals and may be performed for a number of different reasons. The Nyetya worm that was released into the wild earlier in 2017 showed just how potent these types of attacks can be. Frequently, as with Nyetya, the initial infection vector can remain elusive for quite some time. Luckily, with tools like AMP the additional visibility can usually help direct attention to the initial vector.
Talos recently observed a case where the download servers used by a software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016, with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size, we decided to move quickly. On September 13, 2017, Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.
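A quick inventory check to go with the post above, added here as an example and not taken from the thread or from the Talos write-up: it reads the Windows uninstall registrations and flags any CCleaner product whose recorded version matches the builds named as affected (5.33 and CCleaner Cloud 1.07.3191). It assumes the product was installed with a normal uninstaller entry; a portable copy would not show up.

```powershell
# Added example (not from the thread or from Talos). Flags registered CCleaner
# installs whose version matches the builds the thread names as affected.
$affected = @(
    @{ Product = 'CCleaner';       VersionPrefix = '5.33' },       # from the Talos post
    @{ Product = 'CCleaner Cloud'; VersionPrefix = '1.07.3191' }   # from the 9/18 update
)

# Per-machine (64- and 32-bit views) and per-user uninstall registrations.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-CCleanerInstalls {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'CCleaner*' } |
        Select-Object DisplayName, DisplayVersion, InstallDate, InstallLocation
}

function Test-AffectedBuild([string]$Name, [string]$Version) {
    foreach ($a in $affected) {
        if ($Name -like "$($a.Product)*" -and $Version -like "$($a.VersionPrefix)*") {
            return $true
        }
    }
    return $false
}

$installs = @(Get-CCleanerInstalls)
if ($installs.Count -eq 0) {
    Write-Output 'No CCleaner product is registered on this host.'
    return
}

foreach ($i in $installs) {
    $flag = if (Test-AffectedBuild $i.DisplayName $i.DisplayVersion) { 'AFFECTED' } else { 'ok' }
    Write-Output ('{0,-16} {1,-12} installed {2} -> {3}' -f $i.DisplayName, $i.DisplayVersion, $i.InstallDate, $flag)
}
```

An "ok" result only tells you what is registered now: if an affected build was installed and later updated, the thread's advice (restore from a backup taken before August 15th, or reimage) still applies, because the update does not undo what the earlier build may have done.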
JoanA
Posted: Mon Sep 18, 2017 1:34 pm
Moderator
Joined: Thu Apr 05, 2012 3:25 pm Posts: 1916 Location: Pembrokeshire, South Wales, UK
Thanks for the warning Doddie, I'm sure there will be some here very grateful for the notice. Like you, I've never used it on any of my machines; I was warned off the programme years ago when I got information via the Microsoft Newsgroups. I'm still friends with some of the people I met through them.
jaylach
Posted: Mon Sep 18, 2017 1:35 pm
Resident Geekazoid Administrator
Joined: Wed Mar 21, 2012 5:09 am Posts: 9455 Location: The state of confusion; I just use Wyoming for mail.
I think I had installed it once on Win 2000 or XP, but not in years. The first article seems to state pretty strongly that the only fix needed would be to download the latest release, but I'm not all that sure that I would have trust in that.
Doddie
Posted: Mon Sep 18, 2017 1:47 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1737 Location: Dunedin, Alba.
jaylach wrote:
I think I had installed it once on Win 2000 or XP, but not in years. The first article seems to state pretty strongly that the only fix needed would be to download the latest release, but I'm not all that sure that I would have trust in that.

I agree, I certainly would not trust that advice, which is why I paid more attention to the second article... the first I posted merely for layman's terms about the seriousness; the second I hoped people would also read, paying particular attention to the comments of one of the authors in the comments section... he seems pretty clear that only a backup prior to August 15th or a format and re-install can guarantee any malware is removed.
JoanA
Posted: Mon Sep 18, 2017 1:49 pm
Moderator
Joined: Thu Apr 05, 2012 3:25 pm Posts: 1916 Location: Pembrokeshire, South Wales, UK
jaylach wrote:
I think I had installed it once on Win 2000 or XP, but not in years. The first article seems to state pretty strongly that the only fix needed would be to download the latest release, but I'm not all that sure that I would have trust in that.

I know I was told, if you don't know how to remove things you've installed, how can you expect a program to know the set up of your machine, or words to that effect.
jaylach
Posted: Mon Sep 18, 2017 1:52 pm
Resident Geekazoid Administrator
Joined: Wed Mar 21, 2012 5:09 am Posts: 9455 Location: The state of confusion; I just use Wyoming for mail.
I have often said similar Joan.
Doddie
Posted: Mon Sep 18, 2017 2:06 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1737 Location: Dunedin, Alba.
JoanA wrote:
...Microsoft Newsgroups...

When MS closed down their NNTP servers, that for me was one of the darkest days in the history of Microsoft. To this day I still cannot understand why they dummied down what was a fantastic resource that would surely be the envy of any, and every, platform today. The hours I spent reading their newsgroups back in the days of 95/XP etc. were unbelievable... being unemployed for a long period of time left me with little else to do, and nearly everything I know today came from them. Trashing my PC foolishly running commands and batch files almost became a pastime trying to understand what many of the MVPs etc. posted back then... I can honestly say I never had more fun, nor did I ever learn more than I did back then! I never posted to the MS newsgroups though, because the level of knowledge was always WAY over my head and I always felt like a fish out of water; that said, I didn't need to, because the level of 'knowledge seeking' that went on always meant someone else would ask what I was thinking. Fond days indeed, and whilst many of the old 'handles' have long since 'retired' it still puts a smile on my face when the existing ones cross my path... not that they have the slightest idea who the hell I am!
JoanA
Posted: Mon Sep 18, 2017 2:23 pm
Moderator
Joined: Thu Apr 05, 2012 3:25 pm Posts: 1916 Location: Pembrokeshire, South Wales, UK
Yes I agree Doddie, it was a great time. What we called home towards the end was the WinME newsgroup, and a few of the MVPs I made friends with there I'm still friends with and keep in touch.
Doddie
Posted: Mon Sep 18, 2017 2:47 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1737 Location: Dunedin, Alba.
JoanA wrote:
What we called home towards the end was the WinME newsgroup, and a few of the MVPs I made friends with there I'm still friends with and keep in touch.

You'd need to have had a lot of friends to get you through the pain of WinME! LOL. Fwiw, I remember you well... mostly through defunct forums, but I do recall seeing you online occasionally in MS newsgroups... almost certainly not the ME newsgroups though, because that OS was fraught with so many issues I avoided it like the plague!
JoanA
Posted: Tue Sep 19, 2017 11:32 am
Moderator
Joined: Thu Apr 05, 2012 3:25 pm Posts: 1916 Location: Pembrokeshire, South Wales, UK
Doddie wrote:
JoanA wrote:
What we called home towards the end was the WinME newsgroup, and a few of the MVPs I made friends with there I'm still friends with and keep in touch.

You'd need to have had a lot of friends to get you through the pain of WinME! LOL. Fwiw, I remember you well... mostly through defunct forums, but I do recall seeing you online occasionally in MS newsgroups... almost certainly not the ME newsgroups though, because that OS was fraught with so many issues I avoided it like the plague!

And here's me who never had any problems with it. I started with 98 First Edition, WinME, XP, Vista, 7, 8 and now 10. I belong to several forums but just don't have the time to visit them all; I just can't seem to skim over threads, if I enter one I have to read every single post in it, and if an interesting post has a link of interest I get sidetracked and the time just disappears. I do still have to feed hubby and do some housework.
MacDuffie
Posted: Tue Sep 19, 2017 11:36 am
Fearless Leader
Joined: Wed Mar 21, 2012 5:42 am Posts: 2819
I had no problems with WinME either, Joan. I began with Windows 3.1. I also made some long term friends, in my case from the Windows 98 Beta days. We stayed hooked up and began a weekly online chat, which we still do to this day. To say nothing of all the great friends I've made through Computer Haven.
_________________ Patty MacDuffie Computer Haven Administrator
Live Long and Prosper Mr. Spock
JoanA
Posted: Tue Sep 19, 2017 11:57 am
Moderator
Joined: Thu Apr 05, 2012 3:25 pm Posts: 1916 Location: Pembrokeshire, South Wales, UK
I didn't go back that far with a computer; the first time I touched one was the one with 98 in September 1998. We decided it was time to get one to help the children as they were starting to use them in school. Of course this was the children of my second marriage; the ones from my first marriage didn't have such things as computers in school or out of it. We had some good discussions around those newsgroups, and it's where I was introduced to forums, especially when Microsoft decided to close theirs down. Just wish I could remember all the things I learned there; I've forgotten more than I can remember.
MacDuffie
Posted: Wed Sep 20, 2017 2:33 pm
Fearless Leader
Joined: Wed Mar 21, 2012 5:42 am Posts: 2819
Joan, you might be surprised by how much you remember. It's just that you haven't had need for certain data for a long time, but it is still there. I am constantly amazed by things I remember that seemed to come out of nowhere. Some question will come up, or something that reminds me of an old tech fact, and it may take a few moments, but the data will pop up and I'll think, "How the heck did I remember that?!"
_________________ Patty MacDuffie Computer Haven Administrator
Live Long and Prosper Mr. Spock
JoanA
Posted: Thu Sep 21, 2017 6:26 am
Moderator
Joined: Thu Apr 05, 2012 3:25 pm Posts: 1916 Location: Pembrokeshire, South Wales, UK
Oh I know what you mean Patty, I can't even remember growing up, but at odd times something will pop into my brain.
Got to try and remember things this morning though, as the Internet seems to be having problems with different servers, mainly finding the Microsoft ones. Hopefully I'll be back later fully operational.
Doddie
Posted: Thu Sep 21, 2017 3:15 pm
welcoming committee
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1737 Location: Dunedin, Alba.
Updated info (a bit technical but interesting imo): http://blog.talosintelligence.com/2017/ ... n.html?m=1

Worth noting that the advice about how to ensure the malware is removed if you downloaded/updated the corrupted version of CCleaner is now worded more strongly...

Quote: These new findings raise our level of concern about these events, as elements of our research point towards a possible unknown, sophisticated actor. These findings also support and reinforce our previous recommendation that those impacted by this supply chain attack should not simply remove the affected version of CCleaner or update to the latest version, but should restore from backups or reimage systems to ensure that they completely remove not only the backdoored version of CCleaner but also any other malware that may be resident on the system.

"reimage", I assume, means format and reinstall Windows.