flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > Heap > CCleaner hacked with malware

Author
Thread Post new topic Reply to topic
YONG



Joined: 16 Mar 2005
Posts: 8000
Location: 22° 15' N | 114° 10' E
CCleaner hacked with malware
Watch out:

CCleaner hacked with malware: What you need to know
https://www.pcworld.com/article/3225407/security/ccleaner-downloads-infected-malware.html

Wink
Post 26 Sep 2017, 05:05
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 868
More funny is the fact that a software like CCleaner is "needed" in the first place.
Post 26 Sep 2017, 14:12
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6951
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
i saw lots of people using this software, if i remembered correctly, they push this software into smartphone as well,
Post 26 Sep 2017, 14:19
View user's profile Send private message Reply with quote
Coty



Joined: 17 May 2010
Posts: 520
Location: ␀
I actually thought CCleaner was malware... Never researched it. Just assumed.
Post 26 Sep 2017, 17:12
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 8000
Location: 22° 15' N | 114° 10' E
CCleaner backdoor infecting millions delivered mystery payload to 40 PCs
Samsung, Asus, Fujitsu, Sony, and Intel among those infected

https://arstechnica.com/information-technology/2017/09/ccleaner-backdoor-infecting-millions-delivered-mystery-payload-to-40-pcs/

Even tech giants are among the victims of the attack. Shouldn't they have sophisticated firewalls to protect their networks?

Wink
Post 27 Sep 2017, 07:04
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6951
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
i think anything could emerge as virus and having backdoors, as long as the attackers got the resources to fund and build such exploits,

abstraction in coding might make things more easier,
now you only need few lines to initiate network connections, calling coc,
Post 27 Sep 2017, 10:47
View user's profile Send private message Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 868
Exploits exist in the target code, not the attacker's. If the target code has no exploit, the attacker can't do anything.

Next time, you know who to blame.

This is a different topic though, since the malware was injected into official downloads. It's not even an "exploit" in the traditional sense but pure malware.
Post 27 Sep 2017, 10:56
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6951
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
i consider exploits as anything that could render the application to function beyond defined scope,

as long as the attacker has huge funds, monies, etc, nothing is impossible, even with clean codes that without exploits,

there are simply too many layers before an application could executes,
Post 27 Sep 2017, 11:02
View user's profile Send private message Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 8000
Location: 22° 15' N | 114° 10' E
We are talking about tech giants here. Shouldn't their MIS/IT professionals thoroughly test the "official" downloads on some development machines/networks before applying them to the production machines/networks?

Human laziness and/or unwillingness to strictly follow well-established safety protocols can be costly!

Confused
Post 27 Sep 2017, 12:40
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 15241
Location: 1I/ʻOumuamua

YONG wrote:
We are talking about tech giants here. Shouldn't their MIS/IT professionals thoroughly test the "official" downloads on some development machines/networks before applying them to the production machines/networks?

Human laziness and/or unwillingness to strictly follow well-established safety protocols can be costly!

But such extra effort costs time and money. Such things affect the CEOs bonus and the company's profit.
Post 27 Sep 2017, 13:32
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2016, Tomasz Grysztar.