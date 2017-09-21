The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (wired.com) 33
An anonymous reader shares a report: Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected. On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 20 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they'd compromised within the company's network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.
Reflections On trusting trust (Score:4, Interesting)
If you never read this essay here it is
https://www.ece.cmu.edu/~gange... [cmu.edu]
Malware is slowly moving up the software chain to where this is becoming increasingly plausible.
Difficult to see that level of trust being achieved in this day of ad ridden smartphone aps that demand privelages far beyond what is needed (yet are so often granted because look! shiny virtual candy and puppies and magic swords and achievements and levels and you wouldn't want to consider those 2000 hours and $1200 you spent building your city a waste, would you?)
Why China? The companies targeted already manufacture most of their products in China, so China already has access to their technology.
And people thought I was crazy... (Score:2)
...for outlining why I thought specific 32 bit platforms, like those used by corporate computing because they tend to maintain their existing image over time even if they have 64 bit machines rather than migrating to a 64 bit OS. Home computers have been sold with essentially only 64 bit OSes preinstalled for several years. Only ancient home computers and business computers are still 32 bit. Natural filter, reduces the amount of unwanted communications to the Command and Control servers.
To restate for the mentally impaired, by targeting 32 bit computing platforms as this infection did, it naturally filters-out nearly all home computers. That means that the majority of computers that get infected and phone-home are business computers, which is what they want to target.
Cleaner (Score:2)
You clearly overestimate the intelligence of management, supervisors, and service technicians.
We had a lead technician still trying to use Regclean a few years ago. On Windows 7 and Windows 8.1 computers. Same technician kept setting ethernet interfaces to 10Mbit Half Duplex because he somehow interpreted the time that 10/half was needed to push far beyond the 100m channel-length for a waaaaay overlength data drop as the Setting That We Should All Set.
Why would those companies use CCleaner? (Score:2)
If it's simply a hop-off point, all you need is one engineer who operates outside of his IT department whose specific software needs mandate he has local admin rights on his computer. He runs the tool he uses at home instead of calling IT, and suddenly his box is now the initial penetration point to access the company network.
Don't trust foreign sources for apps (Score:1)
My rule of thumb is never trust a source with foreign ties. We learned this from Kaspersky that its hard to distinguish if they are completely above board or not. Experts have said since Windows 7 that a registry cleaner is absolutely not recommended and could do more harm then good. Obviously they were not thinking in terms of malware. But don't install stuff on your PC that isn't needed.
All I have learned from Kaspersky is that some politician alleged Kaspersky may possibly be spying. No evidence, nothing. Nothing to indicate the politician knows anything above the Internet consisting of virtual tubes either. Everything else followed on from there.
