CCleaner hack


Re: CCleaner hack

Post by DarkDeamon » Fri Sep 22, 2017 11:39 am

Tokai, if you've had notifications that something has been blocked from CCleaner then format your drive now as you have the infected version. The main payload it infects you with can't be stopped by conventional AV. You are just seeing the other bits it's trying to use to investigate your network and spread.
You're also not safe trusting a VM to isolate and protect your main PC as some viruses are able to subvert memory to break out of the VM and infect the host.
Linux systems also need AV protection, as do Macs.

Bill, if your gaming PC starts running slow then you might just want to format it as it's likely to be riddled!
aka EvilB@stard
Insurgency Config maniac
Putting my hacks on your PC :devil:


Re: CCleaner hack

Post by Ztranier » Fri Sep 22, 2017 11:54 am

Thanks toks, I'll give it a try.


Re: CCleaner hack

Post by DarkDeamon » Fri Sep 22, 2017 12:17 pm

Conventional AV/ Anti-malware products are all signature based. The company maintaining the product finds a virus and does a checksum signature scan for all the files related to that virus. You then upload these signatures and your software scans for anything on your system with the same signature and flags it up if it finds it.

The vendors are always on the back foot and there is always a delay between a virus appearing in the wild and the security vendors discovering it and its signatures, which the hackers try to maximise and exploit.

This is malware and accounts for about 85% of the known bad stuff out there. You can buy this stuff and the means to deliver it cheap on the darkweb. Some of the vendors even offer a 'price per successful infection'.

You then get malware+ which can scramble its signature on the fly and defeats virtually all traditional AV. Even when the AV vendors find it, it changes constantly and today's signature probably won't work tomorrow. This is quite a bit more expensive on the darkweb but is still for sale and probably accounts for around 10%.

Then you get malware++. This is the really bad shit that can't be detected except with specialist tools beyond the reach and ability of home users to detect. Tbh, a lot of companies don't realise they have this shit until an outside agency tells them. It can sit inside a network for months undetected extracting information and basically rape a company before spreading itself to other companies they deal/ work with. This is how some of the recent Russian and Chinese military hardware has what is basically American/European tech on it. Why design it yourself when you can let someone else do the hard work and then steal it from them!

I'm running traditional AV on ALL our PCs and servers (inc Linux and Mac systems). I'm also about to force AV on all our mobile users if the meeting on Monday with the board of directors goes ok, as we have lost data through mobile recently.
We also have a SIEM system that monitors all our server logs and all the traffic in and out of our network and flags up unusual traffic to known virus control servers.
I'm also about to deploy next gen AV which is not signature based and is very complex and incredibly clever (look up Carbon Black).
Even with all this protection, my biggest problem is the end users who, quite frankly, are idiots and the biggest risk to company data!
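The post above describes how conventional AV works (a vendor hashes the files belonging to a known sample, ships the hashes, and the scanner flags anything with a matching hash) and why "malware+" that rewrites itself slips past it. The script below is an added illustration written for this thread, not code from any AV vendor or from the post's author: it hashes a few constructed byte strings standing in for files, scans them against a tiny hand-made signature database, and shows that changing a single byte of a known-bad file is enough for a hash signature to miss it. All file contents, names and detection labels are invented for the demo.

```python
import hashlib

# Constructed stand-ins for files on disk. None of this is real malware;
# the bytes are invented so the example runs offline.
KNOWN_BAD = b"MZ\x90\x00demo-dropper-v1\x00"
CLEAN_FILE = b"MZ\x90\x00text-editor-benign\x00"
# The same "sample" with one trailing byte changed, standing in for
# malware that re-encodes itself between infections.
MUTATED_BAD = KNOWN_BAD[:-1] + b"\x01"


def sha256_hex(data: bytes) -> str:
    """Checksum used as the file's signature, as a hash-based scanner would."""
    return hashlib.sha256(data).hexdigest()


# The vendor-supplied signature database: hash -> detection name.
# Built here from the known sample; in practice it is downloaded as updates.
SIGNATURE_DB = {sha256_hex(KNOWN_BAD): "Demo.Dropper.A"}


def scan(files: dict, signatures: dict) -> dict:
    """Return {filename: detection_name} for every file whose hash is in the DB.

    Files whose hash is unknown are simply not reported, which is exactly
    the gap a modified or brand-new sample falls into.
    """
    hits = {}
    for name, content in files.items():
        digest = sha256_hex(content)
        if digest in signatures:
            hits[name] = signatures[digest]
    return hits


def demo() -> dict:
    """Scan three constructed files: the known sample, a clean file, and the mutant."""
    files = {
        "dropper.exe": KNOWN_BAD,
        "editor.exe": CLEAN_FILE,
        "dropper_v2.exe": MUTATED_BAD,
    }
    return scan(files, SIGNATURE_DB)


def signatures_differ(original: bytes, mutated: bytes) -> bool:
    """True when a byte-level change produces a different hash, i.e. a miss."""
    return sha256_hex(original) != sha256_hex(mutated)


if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name}: {label}")
    print("one-byte change evades hash signature:",
          signatures_differ(KNOWN_BAD, MUTATED_BAD))
```

Only `dropper.exe` is reported; `dropper_v2.exe` differs from the known sample by one byte and produces an unrelated hash, which is why the vendor has to ship a fresh signature every time the sample changes and why the delay the post mentions is structural rather than a question of effort.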


Re: CCleaner hack

Post by TokaiTele » Fri Sep 22, 2017 12:18 pm

Are you sure Dark? I know that once you run an on-demand scan and find a trojan you should format, but not when the real-time protection blocks it. I don't mind formatting, it's just a pain because I have only just set up my dev environment on VM and Win 10. Also, the chance of getting a virus on a Linux distro is rather remote. Plus, because there are so many distros of varying types, a virus will have a hard time migrating from one to the other, although I am aware it is possible. Also, running Linux on a VM should be pretty robust.

I will think about it but thanks for your advice Dark.

Edit: looking through some info and found this interesting article regarding Avast's acquisition of Piriform (the guys who write CCleaner)
https://malwaretips.com/threads/ccleane ... 509/page-3


Re: CCleaner hack

Post by BillBailey » Fri Sep 22, 2017 2:02 pm

DarkDeamon wrote:
Bill, if your gaming PC starts running slow then you might just want to format it as it's likely to be riddled!

Nope, no problems at all with my PC. And as I've already stated, the version of CCleaner I have is an older version.
I never update it, it's just a tool for tidying up the reg.
