The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (wired.com)

← Back to Stories (view on slashdot.org)

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (wired.com)

Posted by msmash on Thursday September 21, 2017 @02:00AM from the security-woes dept.

An anonymous reader shares a report: Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected. On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 20 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they'd compromised within the company's network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.

151 comments

Min score:

Reason:

Sort:

Reflections On trusting trust by goombah99 · 2017-09-21 02:07 · Score: 5, Interesting

If you never read this essay here it is
https://www.ece.cmu.edu/~gange...
Malware is slowly moving up the software chain to where this is becoming increasingly plausible.

--
Some drink at the fountain of knowledge. Others just gargle.
1. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 02:23 · Score: -1
  
  Too long, didn't read. Why can't you just summarize it for us you miserable fuck?
2. Re:Reflections On trusting trust by msmash+(14958) · 2017-09-21 02:36 · Score: -1, Troll
  
  More malware is circulating around. It would *not* be circulating around if RUSSIANS had not medalled in American elections and given Donald TRUMP the rightful votes which Hillary should have had. Instead of Hillary doing the right thing and putting an end to Russia once and for all, we have Russian hackers and malware on the loose. And TRUMP treats the world like his own game show, The Apprentice.
  
  - msmash
3. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 02:36 · Score: 0, Insightful
  
  Spoken like a true Republican illiterate. "We don't want to read it to know what's in it, just pass it and find out."
4. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 02:36 · Score: 0
  
  Finally, someone here says what we're all thinking. No one wants to click external articles and be subjected to ads, malware, etc. If you have a thought, write it here, and make it short.
5. Re: Reflections On trusting trust by Anonymous Coward · 2017-09-21 02:38 · Score: -1
  
  Wait, are you the moderator here? No wonder this site has gone to shit, you're a loon.
6. Re:Reflections On trusting trust by forkfail · 2017-09-21 02:39 · Score: 1
  
  Difficult to see that level of trust being achieved in this day of ad ridden smartphone aps that demand privelages far beyond what is needed (yet are so often granted because look! shiny virtual candy and puppies and magic swords and achievements and levels and you wouldn't want to consider those 2000 hours and $1200 you spent building your city a waste, would you?)
  
  --
  Check your premises.
7. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 02:44 · Score: 0
  
  Yeah, I'm gonna download some rando pdf to tell me something about malware. Nice try, Boris.
8. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 02:49 · Score: 0
  
  He could have at least summarized the content and then provided a link to the source if anyone wanted read further.
9. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 02:51 · Score: 1
  
  Is Drumpf Russia's medal for meddling with HER votes?
10. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 03:09 · Score: -1
  
  Go fuck yourself illiterate faggot who can't even keep malware off their box lol
11. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 03:29 · Score: 0
  
  the same why you mom could keep you off her box?
12. Re: Reflections On trusting trust by Anonymous Coward · 2017-09-21 03:33 · Score: 0
  
  Holy shit you're insane.
13. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 03:39 · Score: 0
  
  It's not his fault you are an illiterate moron.
14. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 04:06 · Score: 0
  
  Delusional salty snowflakes. Delusional salty snowflakes everywhere.
15. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 04:15 · Score: 0
  
  "We have to pass the bill so that you can find out what is in it." -- Not a Republican 2010
16. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-21 04:40 · Score: 0
  
  No, you have it backwards. The Russians gave themselves a medal for helping keep Crooked Hillary out of the White House.
17. Re: Reflections On trusting trust by Anonymous Coward · 2017-09-21 08:42 · Score: 0
  
  It's sad that I can't tell if this is satire.
  You are either hilarious, or a total fucking imbecile.
18. Re:Reflections On trusting trust by Maritz · 2017-09-21 20:53 · Score: 1
  
  Sorry, but most people who are aware of Trump's unlimited limitations would agree that this comment is a bucket of shit written by an idiot.
  
  --
  I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
19. Re:Reflections On trusting trust by Zero__Kelvin · 2017-09-21 21:31 · Score: 1
  
  It was always plausible. It seems you didn't read it or don't understand what you read.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
20. Re:Reflections On trusting trust by Anonymous Coward · 2017-09-22 15:06 · Score: 0
  
  Yes, I concur wholeheartedly that your comment is shit.
Russia or China by Anonymous Coward · 2017-09-21 02:10 · Score: 0

One or the other... taking bets...
My money is on China.
1. Re:Russia or China by TWX · 2017-09-21 02:42 · Score: 1
  
  Why China? The companies targeted already manufacture most of their products in China, so China already has access to their technology.
  
  --
  Do not look into laser with remaining eye.
2. Re:Russia or China by Anonymous Coward · 2017-09-21 10:02 · Score: 0
  
  How many years out is R&D ahead of manufacturing though? 1-2 years? More?
3. Re:Russia or China by Maritz · 2017-09-21 20:59 · Score: 1
  
  Russia are engaged in low-intensity warfare with the US. They're funding and inciting extremes at both ends of the political spectrum. It's working a treat, and the President can't get his tongue far enough up Dear Leader Vlad's ass.
  I fully expect them to be behind both this and Equifax, and numerous others. And you can be sure that whoever challenges Trump in 3 years will have plenty of relevatory 'hacks' at inconvenient times, right on schedule.
  A fucking pathetic effort, to be honest.
  
  --
  I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
4. Re:Russia or China by fedos · 2017-09-22 05:30 · Score: 1
  
  It was Lithuania.
And people thought I was crazy... by TWX · 2017-09-21 02:21 · Score: 1, Interesting

...for outlining why I thought specific 32 bit platforms, like those used by corporate computing because they tend to maintain their existing image over time even if they have 64 bit machines rather than migrating to a 64 bit OS. Home computers have been sold with essentially only 64 bit OSes preinstalled for several years. Only ancient home computers and business computers are still 32 bit. Natural filter, reduces the amount of unwanted communications to the Command and Control servers.

--
Do not look into laser with remaining eye.
1. Re:And people thought I was crazy... by Anonymous Coward · 2017-09-21 02:31 · Score: 0
  
  Does anyone understand what TWX just said?
  If so, could you restate it in English, please?
  I do agree with the benefits of natural fiber.
2. Re:And people thought I was crazy... by TWX · 2017-09-21 02:40 · Score: 2, Insightful
  
  To restate for the mentally impaired, by targeting 32 bit computing platforms as this infection did, it naturally filters-out nearly all home computers. That means that the majority of computers that get infected and phone-home are business computers, which is what they want to target.
  A business is a place where people go to make money. Except your mom, she goes to the local street corner, which is how she got saddled with you.
  
  --
  Do not look into laser with remaining eye.
3. Re:And people thought I was crazy... by ArchieBunker · 2017-09-21 03:38 · Score: 1
  
  What the fuck are you talking about? 64 bit desktops have been sold for over a decade now. Why would a business be using a 32 bit OS unless they are still stuck on XP?
  
  --
  Only the State obtains its revenue by coercion. - Murray Rothbard
4. Re:And people thought I was crazy... by JohnFen · 2017-09-21 04:27 · Score: 1
  
  Why would a business be using a 32 bit OS unless they are still stuck on XP?
  An understandable question to which there isn't a single answer (except in the abstract: because it's cheaper and safer* for them to stay with what they have).
  *safer, in this context, means that when you upgrade (especially an upgrade on the scale of this) you are taking a risk that things are going to break. Not upgrading means you aren't taking that risk. Most businesses will not upgrade unless they have a very strong reason to.
5. Re:And people thought I was crazy... by Anonymous Coward · 2017-09-21 04:50 · Score: 0
  
  ...for outlining why I thought specific 32 bit platforms, blah blah blah.
  You never actually finished that thought, hence TWX's response.
  We get the point you were trying to make, but the way it was delivered, was lacking in proper sentence structure.
6. Re:And people thought I was crazy... by Anonymous Coward · 2017-09-21 05:14 · Score: 1
  
  I'll say,
  Ive worked in Corporate IT depts for nearly 20 years, the day Windows 7 came out we went with 64bit, and Office followed shortly after, a few exceptions were people finance that stayed on the 32bit version of office 2010 because their add-ins and stuff "took a while" to get updated.
  Company I work for now which is a fortune 50 company - Windows 10/64bit/Office2016 has been the standard company wide image for some time now with UEFI/Secure boot, and bitlocker enforced on ALL machines (yes including desktops). Remember wannacry? Yeah that got in, and the security department shut it down very quickly with a SEP policy to block the ports it was using - client machines don't need SMB incoming open typically. And I occasionally see emails going past requesting a machine get reimaged because its got noticed "phoning home".
  Must be pretty backwards company to still be in the 32bit world and the limitation that go with it.
7. Re:And people thought I was crazy... by Anonymous Coward · 2017-09-21 05:35 · Score: 0
  
  But shit like HVAC or even PLC software for remote maintenance are still 32 bit. Not every business is going to rp out the AC and not every support contract includes free upgrades to the lastest software/hardware.
  You still have to allow vendors in to manage remote gear, and they are much less likely to stay up to speed.
8. Re:And people thought I was crazy... by Anonymous Coward · 2017-09-21 05:52 · Score: 0
  
  Why would a business be using a 32 bit OS unless they are still stuck on XP?
  Some businesses run software that won't run properly on anything newer than Windows XP 32-bit.
  Some businesses run even older 16-bit software that, while it may run on Win7, will only run on 32-bit Win7 because the 64-bit version of the OS tossed backward compatibility with 16-bit.
9. Re:And people thought I was crazy... by Anonymous Coward · 2017-09-21 08:44 · Score: 0
  
  What the fuck are you talking about? 64 bit desktops have been sold for over a decade now. Why would a business be using a 32 bit OS unless they are still stuck on XP?
  Actually, there was a 64-bit version of XP.
  There is one reason to still have 32-bit systems - DOS emulation of very old programs, since DOS emulation was removed from 64-bit windows.
  My company has one such application running in a firewalled off sandbox. The application still works, the original vendor went out of business a long time ago, and replacing it will be very expensive. But aside from that, it's all 64-bit here.
10. Re:And people thought I was crazy... by Maritz · 2017-09-21 21:02 · Score: 1
  
  I suspect your assertion that corporations mainly use old 32 bit computers is largely bollocks. It's 2017.
  
  --
  I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
11. Re:And people thought I was crazy... by david_thornley · 2017-09-22 05:57 · Score: 1
  
  We used 64-bit XP, because some of our software would overflow the available 32-bit memory space on particularly large inputs. I understand it had compatibility problems, but not for what we were doing.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
12. Re:And people thought I was crazy... by TWX · 2017-09-22 08:47 · Score: 1
  
  You misread it. It isn't that corporations mainly run 32-bit OS, it's that one won't find 32-bit OS anywhere else besides corporations.
  
  --
  Do not look into laser with remaining eye.
Cleaner by Impy+the+Impiuos+Imp · 2017-09-21 02:21 · Score: 1

Ben Kenobi: ...so you can see it was cleaning them...from a certain point of view.

--
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Problem between keyboard and chair... by cdreimer · 2017-09-21 02:23 · Score: -1

I blame the users with admin privileges. I can't imagine an enterprise-level IT department using CCleaner as an approved application. However, this is an application that a user with admin privileges would install because they know better than the IT department. Which is what the hackers are counting on.
1. Re:Problem between keyboard and chair... by TWX · 2017-09-21 02:34 · Score: 3, Insightful
  
  You clearly overestimate the intelligence of management, supervisors, and service technicians.
  We had a lead technician still trying to use Regclean a few years ago. On Windows 7 and Windows 8.1 computers. Same technician kept setting ethernet interfaces to 10Mbit Half Duplex because he somehow interpreted the time that 10/half was needed to push far beyond the 100m channel-length for a waaaaay overlength data drop as the Setting That We Should All Set.
  My point is that a lot of myth and misunderstanding goes into IT, and often we get good results despite the stupidity, rather than because of it. I have no doubt that some technicians swore by CCleaner and used it in the corporate setting, and some IT departments even routinely used it in lieu of reimaging infected computers.
  
  --
  Do not look into laser with remaining eye.
2. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 02:43 · Score: 0
  
  Yes, in your case, is this the chair you mean?
3. Re:Problem between keyboard and chair... by ILoveFatCashews · 2017-09-21 02:48 · Score: 0
  
  Yes, in your case, is this the chair you mean?
  Were you born retarded or does being in the presence of fat people make you retarded?
4. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 03:14 · Score: 0
  
  I blame the users with admin privileges. I can't imagine an enterprise-level IT department using CCleaner as an approved application.
  I blame the enterprise-level IT department that's too fucking stupid to revoke admin privileges from their users. As well as being too fucking stupid to maintain a list of what's being installed on systems for review and audit purposes. As well as being too fucking stupid to provide a suite of self-service installers for the software users actually do have legitimate business needs for, without granting admin privileges to the users for installing anything they think looks shiny and exciting.
  Maybe creimer wrote the enterprise-level IT department standards that allowed it. This is what happens when your ditch digging infosec miracle workers are pulling triple duty as IT, Custodial, and Security staff!
5. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 03:21 · Score: 0
  
  I only vaguely familiar with RegClean. It's an MS util, yes? What does using it foul up?
6. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 03:26 · Score: 0
  
  Are you in my office? Then I am not in your presence. Phew!
  Does being fat make you unable to buy pants that fit, Chris?
  Why don't you update your author blog?
  So, how's the video production business coming along? I see you have an amazing three subscribers to your youtube channel. Are you planning on expanding your home office?
7. Re:Problem between keyboard and chair... by ILoveFatCashews · 2017-09-21 03:27 · Score: -1
  
  Maybe creimer wrote the enterprise-level IT department standards that allowed it. This is what happens when your ditch digging infosec miracle workers are pulling triple duty as IT, Custodial, and Security staff!
  Would you like some spam musubi to go with your whine?
8. Re:Problem between keyboard and chair... by ILoveFatCashews · 2017-09-21 03:31 · Score: -1
  
  So cute that you think I'm creimer and not the AC who suggested ILoveFatCashews in the first place!
9. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 03:31 · Score: 0
  
  Obvious creimer is obvious.
10. Re:Problem between keyboard and chair... by ILoveFatCashews · 2017-09-21 03:49 · Score: -1
  
  Says the AC who created ILoveFatCashews.
11. Re:Problem between keyboard and chair... by ILoveFatCashews · 2017-09-21 04:02 · Score: 0
  
  I only vaguely familiar with RegClean. It's an MS util, yes? What does using it foul up?
  RegClean is a third-party application. I used it all the time for WinXP. Never found a need to use it with Vista/7/8/10.
12. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 04:41 · Score: 0
  
  Yeah, this exact same post has never been made by creimer. It's clear that you're totally separate people.
13. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 04:43 · Score: 0
  
  You use exactly the same stale jokes, idiosyncratic expressions, and bad grammar, Chris. Put some zing into your comments next time.
  The AC never recommended ILoveFatCashews.
14. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 04:54 · Score: 0
  
  you sound bitter, spam tits
15. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 05:15 · Score: 0
  
  Yeah, this exact same post has never been made by creimer. It's clear that you're totally separate people.
  creimer pwned your sorry ass, now you think everyone is creimer
16. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 06:12 · Score: 0
  
  You sound diabetic, creimer tits.
17. Re: Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 06:45 · Score: 0
  
  He also owns boxes of cliff and power bars. They are healthy for y
18. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 06:47 · Score: 0
  
  whatever you say, creimer
19. Re: Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 06:48 · Score: 0
  
  More Creimer affiliate spam. You ain't fooling us Chris. It's too late. We are locked in now, expect it to get worse, much worse.
20. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 07:07 · Score: 0
  
  There you are you disgusting fat sexist tube of lard, Christopher Dale Reimer!
  You can be sure I will be watching this fake account too. I know this is you because you told me several times all I need is windows defender since after windows XP.
  Now, I told you I was out of meds last week and you didn't even care to contact me you lazy fucker.
  How many time do I have to express the emergency of the situation??????
  The python click script you wrote for my pheromone revenue stream web site suddently stopped to work!!!!!!
  You fucking incompetent python script writer!!!
  When it works, I get 4000+ clicks a day on my pheromone revenue stream web site but only 5 or 6 without it!!!!
  Now, it seems like you dont care and that you have abandoned me you heartless fucking pig!
  Bonus:
  Here is a story that creimer told me when convincing me what a hard life he had:
  The tree was him and the tree knot was his butt hole!
  So, his uncle packed his fat ass with lard and with his cock! Not that it makes much of a difference but anyway, there it is!
  Signed:
  The girl that used to love you and now hates you, burn in hell where you belong you sexist pig!
21. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 07:12 · Score: 0
  
  Information about land whales, Christopher Dale Reimer and autistic people:
  Autistic people have obsessions about things normal people don't care. For example, one of our autistic patient went haywire when he realized that there was a penny missing in his pocket change.
  To calm him down, one of our educator pretended to have found it on the floor and gave a penny to him.
  The autistic patient condition went even worse because he realized it wasn't the same penny!
  Chris has an obsession with budgeting every penny. He doesn't understand that most people do not budget to the penny and have a flexible amount they allow for miscellaneous items.
  I am Nancy Guerrero and I am Director of Special Education for the Santa Clara County Office of Education. We use Chris' (a.k.a. creimer,cdreimer) picture in our document because he is the hardest case we have ever had to handle:
  http://www.sccoe.org/depts/stu...
  Our artists were inspired by the low carb diet that Christopher follows scrupulously for the small lunch box and by the picture linked below for the rest. I am sure that you will notice the similarities such as the bump on the side of his chest and more:
  https://www.cdreimer.com/slash...
  Please be easy on Christopher although, I am aware that some of our staff handling Chris post joke comments here and obvoiusly, the Santa Clara County Office of Education disapprove that behavior vehemently:
  https://school.discoveryeducat...
  But it isn't Chris' fault if he is the way he is. We do the best we can do with him and he is partially integrated into society. We try to cure his abnormal need for attention but he is kind of stubborn and won't listen to anybody.
  Thank You dear users,
  -Nancy Guerrero
22. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 07:17 · Score: 0
  
  Tell me about it!
  Creimer's siblings all had CCleaner installed on their computer!:
  https://www.youtube.com/watch?...
  That's no surprise if you look at creimer picture:
  https://school.discoveryeducat...
23. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 08:23 · Score: 0
  
  shut up, creimer!
24. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 21:06 · Score: 0
  
  Following someone around on Slashdot to troll them is a new level of sad that I never knew existed. Eew.
25. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 21:08 · Score: 0
  
  Jesus you are one desperately sad prick. Get a fucking life.
26. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 21:15 · Score: 0
  
  Hey creimer!
  A condition to join the creimer's merry band of wanker trolls is to score a good one replying to you.
  We are an underground organization with ties with everything your empty head could imagine and more.
  I am the chief representative AC handling your case and I would like to advice you that the GP has made it.
  Therefore, in further official posts from our organization, his link will be added, so, it will go like this in the future:
  creimer siblings:
  https://www.youtube.com/watch?...
  creimer himself:
  https://school.discoveryeducat...
  creimer's chair:
  http://www.keynamics.com/image...
  Thanks for your time my dear friend.
  Sincerely,
  The chief representative AC.
27. Re:Problem between keyboard and chair... by Anonymous Coward · 2017-09-21 21:34 · Score: 0
  
  Right spot on dude!
  Humpty-Dumpty, with his tiny cyclist legs wouldn't need that high tech chair.
  But then again, if you look above the waist, it is sure required so he doesn't crack open forcing himself in a normal chair nor fall over trying to get into the chair!
  Like they have taught us in orientation:
  Safety first!
  Congratulations to the GGP again!
  Let's make /. great again! ;-)
Why would those companies use CCleaner? by wardrich86 · 2017-09-21 02:24 · Score: 3, Insightful

Seems weird that major tech firms would even bother with the likes of CCleaner... I'd assume they'd just re-image the PC's once they start getting fucky. In fact, I"m not even sure that most people use CCleaner.
1. Re:Why would those companies use CCleaner? by Anonymous Coward · 2017-09-21 02:28 · Score: 0
  
  It is interesting that it's so popular among these companies, but I guess it only takes 1 or 2 within a targeted organization to "bring their daughter to work" as it were.
2. Re:Why would those companies use CCleaner? by Anonymous Coward · 2017-09-21 02:34 · Score: 0
  
  I use Ccleaner every day, and have been for the past 10 years.
  Though it was clear from everything else being hacked these days that NOTHING is secure, and something like this (or similar) was bound to happen to Ccleaner eventually.
3. Re:Why would those companies use CCleaner? by TWX · 2017-09-21 02:35 · Score: 4, Insightful
  
  If it's simply a hop-off point, all you need is one engineer who operates outside of his IT department whose specific software needs mandate he has local admin rights on his computer. He runs the tool he uses at home instead of calling IT, and suddenly his box is now the initial penetration point to access the company network.
  
  --
  Do not look into laser with remaining eye.
4. Re:Why would those companies use CCleaner? by The-Ixian · 2017-09-21 03:28 · Score: 1
  
  This is why you don't let users install software and implement application (executable) whitelisting.
  
  --
  My eyes reflect the stars and a smile lights up my face.
5. Re:Why would those companies use CCleaner? by The-Ixian · 2017-09-21 03:33 · Score: 1
  
  It always seemed like snakeoil to me. It would "find" a bunch of stuff then tell you it fixed it. While I don't doubt that it did actually delete those registry entries, it never seemed to make a difference in performance on any of the computers I had tried it on.
  The only valuable feature I found with it was to remove entries for programs that were still listed in the "Programs and Features" list but for which the installer was missing/broken. But I have since learned how to just manually snip those out of the registry or just use Autoruns.
  
  --
  My eyes reflect the stars and a smile lights up my face.
6. Re:Why would those companies use CCleaner? by The-Ixian · 2017-09-21 03:35 · Score: 1
  
  Application whitelisting would at least provide an audit trail in this case if not block the attempt to install altogether if the whitelist is controlled by another department.
  
  --
  My eyes reflect the stars and a smile lights up my face.
7. Re:Why would those companies use CCleaner? by Anonymous Coward · 2017-09-21 03:37 · Score: 0
  
  Guessing here. It's an alternative to blowing away a user's Windows profile to fix an issue and/or a reimage.
8. Re:Why would those companies use CCleaner? by sinij · 2017-09-21 04:03 · Score: 1
  
  To me, CCcleaner isn't performance tool, it is privacy tool.
9. Re:Why would those companies use CCleaner? by JohnFen · 2017-09-21 04:29 · Score: 1
  
  I was wondering about this myself. I've never, ever seen the likes of CCleaner used in a professional setting. But, clearly, some do.
10. Re:Why would those companies use CCleaner? by Anonymous Coward · 2017-09-21 06:56 · Score: 0
  
  Uh, because it's free? Is that too hard to understand?
11. Re:Why would those companies use CCleaner? by Anonymous Coward · 2017-09-21 09:09 · Score: 0
  
  Autoruns sounds shitty...
12. Re:Why would those companies use CCleaner? by Anonymous Coward · 2017-09-21 10:47 · Score: 0
  
  If it's simply a hop-off point, all you need is one engineer who operates outside of his IT department whose specific software needs mandate he has local admin rights on his computer. He runs the tool he uses at home instead of calling IT, and suddenly his box is now the initial penetration point to access the company network.
  This is common. Fortunately it is common enough that we have learned to apply defense in depth, and not trust systems just because they are authenticated on the local network.
Don't trust foreign sources for apps by Anonymous Coward · 2017-09-21 02:39 · Score: 1

My rule of thumb is never trust a source with foreign ties. We learned this from Kaspersky that its hard to distinguish if they are completely above board or not. Experts have said since Windows 7 that a registry cleaner is absolutely not recommended and could do more harm then good. Obviously they were not thinking in terms of malware. But don't install stuff on your PC that isn't needed.
1. Re:Don't trust foreign sources for apps by Vlad_the_Inhaler · 2017-09-21 03:16 · Score: 4, Insightful
  
  All I have learned from Kaspersky is that some politician alleged Kaspersky may possibly be spying. No evidence, nothing. Nothing to indicate the politician knows anything above the Internet consisting of virtual tubes either. Everything else followed on from there.
  I actually trust Kaspersky to do the job more than I trust a lot of the competition, they have discovered some serious state-sponsored malware in the past. I don't know if Symantec still make virus scanners but when Google, Mozilla et al start initiating the process to "untrust" their certificates, I wouldn't run one of their scanners in a sandbox.
  
  --
  Mielipiteet omiani - Opinions personal, facts suspect.
2. Re:Don't trust foreign sources for apps by Anonymous Coward · 2017-09-21 03:17 · Score: 0
  
  You're a fucking moron, FYI. Your processor is foreign, your ram is foreign, your mobo is foreign, all the chips on it are foreign, and you're spreading FUD based on your head-in-ass concept that foreign == compromised by malware. You're an idiot, you have no concept of security or anything else. You do not know any "experts" in any sense of the word. Don't talk unless you know what you're talking about, and you don't. Go back to reddit and rant about foreigners, moron.
3. Re:Don't trust foreign sources for apps by JohnFen · 2017-09-21 04:31 · Score: 1
  
  My rule of thumb is never trust a source with foreign ties.
  Which implies that you do trust domestic sources. It sounds like you should reevaluate how and what you decide to trust.
4. Re:Don't trust foreign sources for apps by theCat · 2017-09-21 05:06 · Score: 1
  
  That Kaspersky is as good as they are might be a good reason for nation states and global corporations to want to give them a hard time. IT has clearly become a modern munition, everyone is playing with fire, and there is a perverse incentive to undermine tools that make that play harder or less fruitful.
  
  --
  =^..^= all your rodent are belong to us
5. Re:Don't trust foreign sources for apps by Anonymous Coward · 2017-09-21 05:55 · Score: 0
  
  Per the message subject, I guess that means that American software is untrustworthy. (You are aware that there's a significant population outside the US, right?)
6. Re: Don't trust foreign sources for apps by Anonymous Coward · 2017-09-21 07:08 · Score: 1
  
  Actually, given how things stand right now, the question will become: do you still have an independent country, when a foreign power can compromise your entire infrastructure at will?
  Paranoia isn't paranoia if they really are our to get you.
7. Re:Don't trust foreign sources for apps by Maritz · 2017-09-21 21:24 · Score: 1
  
  Go back to reddit and rant about foreigners, moron.
  Funny, I see a LOT more ranting about foreigners on slashdot.
  
  --
  I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
8. Re:Don't trust foreign sources for apps by Vlad_the_Inhaler · 2017-09-22 03:56 · Score: 1
  
  There have been a number of well documented cases where US 3-letter agencies have managed to have exploits inserted into software written by US companies. Some times the point of entry was the top of the company, some times it was done surreptitiously. It is not a reach to expect virus scanners from US companies to turn something of a blind eye to all this.
  The one which most affected me was RSA, they manufacture devices which display 6-digit numbers for use in passwords for VPN tunnels, the numbers change every minute. The "random seeds" used turned out not to be that random at all. RSA still exists but as a subdivision of - I think - EMC.
  
  --
  Mielipiteet omiani - Opinions personal, facts suspect.
9. Re:Don't trust foreign sources for apps by david_thornley · 2017-09-22 06:02 · Score: 1
  
  I don't trust software with foreign or domestic ties, and I feel a lot safer from Putin's snoops than Trump's. Russia has no legal authority over me, and no reason to be particularly concerned about me, unlike the US. I'll grant you that I don't know whether Kaspersky does anything for the Russian government, but I don't know whether the domestic products do anything for the US government. I know that no anti-virus that failed to detect the Sony rootkit is on my side.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
10. Re:Don't trust foreign sources for apps by dddux · 2017-09-23 06:25 · Score: 1
  
  I completely agree. That's why I don't trust Windows.
  
  --
  "It is no measure of health to be well adjusted to a profoundly sick society." - Jiddu Krishnamurti
Wot- no Story about how Rob Reiner loves slavery by Anonymous Coward · 2017-09-21 02:52 · Score: -1

I'm still waiting slashdot- the biggest story of the week was the Morgan Freeman video produced by an alliance of leading figures in the Democrat and Repulican parties of the USA- declaring that the USA is at war with Russia.
The producer of the video was leading jewish liberal Hollywood personality- Rob Reiner. And it was Reiner personally who demanded a famous beloved 'black' actor read the line stating that the USA was a 'shining beacon to the world' during the years when legally 'black' women and children were RAPE slaves. Jewish Rob Reiner had a much admired 'black' personality praise the holocaust of Human slavery- and you people are still proud for voting Clinton.
The owners of Slashdot are in a bit of a dilemma. It is now clear that the Deep State is grooming Trump for a second term- having eliminated every last ounce of his anti-war feelings. So 'bash Trump' propaganda is ending, and 'bash Russia' programs are accelerating. But at this time Russia is crushing Clinton's wahhabi terror gangs in Syria down to the last man, and the regional players are now dancing to Russia's, not America's tune.
But the new wave of 'anti-Russian' warmongers are the racist psychopaths like Rob Reiner- and for ordinary Americans seeing Freeman and Reiner blow their 'liberal' cover and come out as frothing loonies screaming their love for the time of Human Slavery in the States- well this makes even the dumbest sap start to think twice about recent mainstream media propaganda.
Anyway personally I take great joy in pointing out to you Yanks that you are going to have Trump for far longer than you thought. Not because people like me like Trump (at the time he was the better option compared to war criminal Clinton). But simply because you Clinton voters deserve all the mental pain in the world for all the mass murder and destruction you happily justified in your sick hypocrisy. Trump is a horror- true- but only a horror was going to make it to the White House. The two houses of US government now bloc vote like a Stalin Congress for War and anything in Israel and Saudi Arabia's interest. The US president merely fronts this state of affairs.
Slashdot has carried an astonishing amount of NSA/CIA inspired propaganda across the last few years- having long given up its pretence of being what it says on the label. Slashdot was simply a front to reach the 'nerd' section of society with the Clinton messages of hatred and militarism. So given the clear 'political' purpose of the current Slashdot, each of you should notice what doesn't get covered here- and know that censorship by omision allows you to comprehend what currently troubles your Deep State masters.
It does have the NSA smell by Anonymous Coward · 2017-09-21 02:59 · Score: 0

because judging from the description, this is exactly how America uses NSA to spy on Europe etc.
Because M$ Windows... by Anonymous Coward · 2017-09-21 03:03 · Score: 0

Needs extra spyware to make it operate smoothly.
Re:Wot- no Story about how Rob Reiner loves slaver by Anonymous Coward · 2017-09-21 03:26 · Score: 0

Hatstand. That is all.
Watching the watchmen by QuadEddie · 2017-09-21 03:34 · Score: 1

This is yet another example of the anti-virus being the virus. Seen it many times and thatâ(TM)s why I donâ(TM)t use any anti virus products
1. Re:Watching the watchmen by Maritz · 2017-09-21 21:32 · Score: 1
  
  This isn't anti-virus. So not really that great an example of anti-virus being anything.
  
  --
  I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
None of them were Linux companies by Anonymous Coward · 2017-09-21 03:37 · Score: 0

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms
None of them were Linux companies.
1. Re:None of them were Linux companies by Maritz · 2017-09-21 21:33 · Score: 1
  
  The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms
  None of them were Linux companies.
  All of them own or lease structures featuring at least one SINK. Join the dots people.
  
  --
  I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
And people thought I was stubborn. by Anonymous Coward · 2017-09-21 03:39 · Score: 0

I think you're forgetting that one of the reasons to stick with 32 bit is external software (that includes drivers) that doesn't have a 64 bit version and will not work in a 64 bit OS.
CCleaner as Security Software? by CrashNBrn · 2017-09-21 03:57 · Score: 1, Insightful

CCleaner was always garbage that hosed the registry and "cleaned up" /TEMP. Completely useless and in many cases caused problems due to removal of placeholder registry items.
1. Re:CCleaner as Security Software? by Anonymous Coward · 2017-09-21 04:45 · Score: -1
  
  It has never broken the registry on thousands of machines I've used it on. Not once. You're basically a liar. It also has a registry save/restore functionality, so that's just more evidence that you don't know what the fuck you're doing in any sense. Yeah, it deletes temp files. It also finds dupes, allows noobs (like you) to edit startup items and whatnot, remove broken uninstallers, and a few other things you have no need of, being a faggot with his head in his ass. What you need is a jar of mayo for lube, you dumb cunt.
2. Re:CCleaner as Security Software? by Anonymous Coward · 2017-09-21 06:02 · Score: 0
  
  CCleaner was always garbage...
  I learned a lesson about registry cleaners back in the late '90s: do not trust. That said, if you disable the registry cleaning, as a general cruft cleaner, CCleaner has done a good job. Too many programs take a dump in %TEMP% and don't bother cleaning up after themselves. Even more programs take a dump in C:\Windows\TEMP, C:\TEMP and other such locations without consideration for the mess they're making. CCleaner has made cleaning up that crud and other useless junk that Windows itself and other programs generate a simple, one-step housecleaning process.
3. Re:CCleaner as Security Software? by Anonymous Coward · 2017-09-21 06:19 · Score: 0
  
  Does mayo work? Asking for a friend.
4. Re:CCleaner as Security Software? by Anonymous Coward · 2017-09-21 08:03 · Score: 0
  
  Mayo is made from eggs, vinegar, salt and lemon juice. Do not put this on your dick, you'll give yourself a yeast or bacterial infection which could even make its way into your bladder.
5. Re:CCleaner as Security Software? by Maritz · 2017-09-21 21:35 · Score: 1
  
  Does mayo work? Asking for a friend.
  
  Mayo is made from eggs, vinegar, salt and lemon juice. Do not put this on your dick, you'll give yourself a yeast or bacterial infection which could even make its way into your bladder.
  That digressed quickly.
  
  --
  I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
Clean up after yourself! by Anonymous Coward · 2017-09-21 04:05 · Score: 0

You lazy technicians.
There is absolutely no reason to leave CCleaner on a computer - period.
It is a cleaning tool. It does not need to always be running. Why leave a program installed that really only needs to be ran once every 6 months for maintence purposes.
Re:Wot- no Story about how Rob Reiner loves slaver by Anonymous Coward · 2017-09-21 04:09 · Score: 0

Go find a hobby, you simp.
Intel Management Engine IME hacked & more... by Anonymous Coward · 2017-09-21 04:19 · Score: 0

"How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine"
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
"It allows an attacker of the machine to run unsigned code in PCH on any motherboard via Skylake+. The main system can remain functional, so the user may not even suspect that his or her computer now has malware resistant to reinstalling of the OS and updating BIOS."
"New FinFisher surveillance campaigns: Are internet providers involved?"
https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/
"What’s new – and most troubling – about the new campaigns in terms of distribution is the attackers’ use of a man-in-the-middle attack with the “man” in the middle most likely operating at the ISP level. We have seen this vector being used in two of the countries in which ESET systems detected the latest FinFisher spyware[...]. When the user – the target of surveillance – is about to download one of several popular (and legitimate) applications, they are redirected to a version of that application infected with FinFisher."
"Security software"? by sremick · 2017-09-21 04:45 · Score: 1

Anyone who thought that CCleaner was "security software" has no business using it, let alone submitting an article to Slashdot about it.
It's a junk/orphan file cleanup utility. Not "security software". Not antivirus or anti-malware. Where do these idiots come from reporting this shit?
Comment removed by account_deleted · 2017-09-21 05:18 · Score: 1

Comment removed based on user account deletion
Nope. by Gravis+Zero · 2017-09-21 05:23 · Score: 1

If you simply wish to verify you are not getting a trojan embedded into your binary by a compiler then you simply need to cross-compile a compiler from multiple compilers on multiple architectures and then compare the binaries each of the cross-compiled compilers produce. An example of this would be building GCC for x86 using itself and using Clang/LLVM on ARM (targetting x86). If the resulting builds of the GCC for x86 compiler produce identical binaries then it's extremely unlikely that either compiler is compromised. With each additional compiler and architecture used, it become exponentially less likely that the compile has been compromised.
It would require a sophisticated AI to create a self-perpetuating trojan that would run on all modern platforms and embed itself in all modern compilers. However, if your "Hello World" program starts producing a 10MB binary, you may want to be concerned.

--
Anons need not reply. Questions end with a question mark.
1. Re:Nope. by SilentChasm · 2017-09-21 06:23 · Score: 2
  
  To do that, you would first need to make sure that the programs could be built with deterministic compilation. I don't believe that many projects have put in the time necessary to do that. That also ignores any optimizations or other features different compilers may use on the source code when compiling it.
  https://en.wikipedia.org/wiki/Deterministic_compilation
2. Re:Nope. by Gravis+Zero · 2017-09-21 06:30 · Score: 1
  
  You misunderstand. The point is to compile a compiler on using multiple platforms and compilers and use the resulting compilers to then build a program. If the compilers produce the same program binary same for each built version of the compiled compiler then it's unlikely to be compromised. This works because you are using the same compiler to build the program binary, just that the compiler was built using different methods.
  
  --
  Anons need not reply. Questions end with a question mark.
3. Re:Nope. by goombah99 · 2017-09-21 12:13 · Score: 1
  
  and what does your turtle rest on?
  
  --
  Some drink at the fountain of knowledge. Others just gargle.
4. Re:Nope. by Zero__Kelvin · 2017-09-21 12:13 · Score: 1
  
  Yes, many of us know about David Wheeler and his idea. Like so many ideas it works in theory, but not in practice. Trying to get the same source code to compile under different versions of GCC is hard enough. Getting it to compile in such a reflexive manner is not something that happens in reality I'm afraid.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
5. Re:Nope. by Gravis+Zero · 2017-09-21 14:50 · Score: 1
  
  Yes, many of us know about David Wheeler and his idea.
  It's the first I've heard of him or his idea.
  
  Trying to get the same source code to compile under different versions of GCC is hard enough.
  I'm not talking about using multiple versions of the same compiler, I'm talking about compiling a single version of a compiler using cross-architecture compilation and completely different compilers. The result is getting similar binaries of the same compiler for the same platform and target. Despite being similar, the compilers will produce identical binaries if they are not infected. Writing a trojan that will embed itself regardless of platform, operating system or compiler is something only AI can hope to achieve.
  
  --
  Anons need not reply. Questions end with a question mark.
6. Re:Nope. by Gravis+Zero · 2017-09-21 14:52 · Score: 1
  
  is it a turtle binary or the turtle source code? ;)
  
  --
  Anons need not reply. Questions end with a question mark.
7. Re:Nope. by Anonymous Coward · 2017-09-21 20:43 · Score: 0
  
  Wow, you are both a liar AND a stupid fuck. Amazing.
8. Re:Nope. by Anonymous Coward · 2017-09-21 21:04 · Score: 0
  
  Nah, there are many undetermined factors. For example, why limit yourself on software aspect. Do you trust your processor? Do you trust CALL instruction is just CALL instruction? Do you trust RET instruction is just RET instruction? And so on and so forth.
9. Re:Nope. by Zero__Kelvin · 2017-09-21 21:28 · Score: 1
  
  You don't have any understanding of how compilers work. I PROMISE you that the result will not be anything even close to identical binaries.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
10. Re:Nope. by Gravis+Zero · 2017-09-22 04:46 · Score: 1
  
  I'm going to cut you a break and attribute this to miscommunication.
  
  --
  Anons need not reply. Questions end with a question mark.
11. Re:Nope. by david_thornley · 2017-09-22 05:48 · Score: 1
  
  It's multiple turtles. Ideally, one for each elephant's foot. The idea is that They aren't going to compromise them all.
  Suppose I take source code for the clang compiler, and compile it with clang, g++, Visual C++, and as many other compilers as I can get. Odds are that one of those compilers hasn't been compromised by Them, or at least not every one by the same Them. If everything's on the up and up, all of these compiled versions of clang should produce essentially the same code, so if two of them produce noticeably different code there's something going on.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
12. Re:Nope. by david_thornley · 2017-09-22 05:54 · Score: 1
  
  Why not? Let's take NSA C++. If it's written in reasonably portable C++, without undefined behavior or significant unspecified or implementation-defined behavior, it will compile to much different binaries on different platforms with different compilers. However, if all of these compilers are standard-conforming and the code is standard-compliant, the different binaries will do the same thing. Given identical input, they will produce output according to the abstract C++ execution model, and the implementation is required to do the same accesses to volatile variables and produce the same output.
  Where is the flaw in my reasoning?
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
13. Re:Nope. by Anonymous Coward · 2017-09-22 09:30 · Score: 0
  
  You are a fucking idiot.
14. Re:Nope. by Zero__Kelvin · 2017-09-22 09:38 · Score: 1
  
  Lets start with the fact that compilers are highly complex beasts, and are never written "in reasonably portable C++, without undefined behavior or significant unspecified or implementation-defined behavior", and then add to that the fact that there is not a 1 to 1 mapping of source code to assembly. Each compiler will take a different approach to implementing the source as assembly, and indeed different compiler options and targets will change the resultant binary, often in radical ways. The same compiler may not even produce the same binary when compiling the same source every time you run it in fact (see also multi-threading.)
  
  There is a reason why you often here this old "all you have to do is ..." argument, but can't find an actual example of it ever having been done anywhere on the internet.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
15. Re:Nope. by david_thornley · 2017-09-25 03:22 · Score: 1
  
  I suspect you're overstating the amount of implementation-dependent behavior in compilers, although it's been twenty years since I looked into it. Otherwise, I don't see how gcc and clang would be that portable.
  However, the idea is not that two compilers spit out binaries that look alike. The idea is that, given a program, two compilers will spit out binaries that act alike. Two compiler binaries that act alike will put out mostly identical code given some source code.
  The mapping of source to assembly is certainly not 1-1, as different source code can map to the same assembly, and different compilers will put out different assembly code for the same source. That doesn't mean the compilation process isn't deterministic.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
16. Re:Nope. by Zero__Kelvin · 2017-09-25 03:40 · Score: 1
  
  "However, the idea is not that two compilers spit out binaries that look alike. The idea is that, given a program, two compilers will spit out binaries that act alike. Two compiler binaries that act alike will put out mostly identical code given some source code. "
  This is completely false, and in the final summation you are contradicting yourself trying to say that they won't look alike, but will act alike, which will mean they look alike.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
17. Re:Nope. by david_thornley · 2017-09-27 15:24 · Score: 1
  
  Given portable source code, that doesn't rely on undefined behavior or effects of unspecified or implementation-dependent behavior, any good C++ compiler will produce code that is identical to any other in accesses to volatile objects and calls to system I/O routines (that being what the Standard requires). It won't be the same object code, because there's lots of different ways to accomplish the same thing.
  Therefore, the output of good compilers, given the source code of a compiler, will be different binary programs that do the same thing.
  It is not only false to say that programs that produce the same output must be the same, it's stupid to say that.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
18. Re: Nope. by Zero__Kelvin · 2017-09-27 22:31 · Score: 1
  
  Right, but the whole theory, and it is a broken theory, is that you can prove they do the same thing by looking at the executable generated. It is easy to prove this is false. Build GCC with -S, -O2, and -O3 and compare the generated code. They will be radically different, and that is using the same source and compiler. For extra credit, prove that Thompson's malicious code doesn't only activate when built with -O2.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Comment removed by account_deleted · 2017-09-21 05:47 · Score: 0

Comment removed based on user account deletion
Comment removed by account_deleted · 2017-09-21 06:54 · Score: 0

Comment removed based on user account deletion
Chinese state hackers again by Sarusa · 2017-09-21 06:57 · Score: 1

The code and techniques look like APT17 aka DeputyDog - hacking into tech firms, military and governments for the Chinese government for at least 10 years.
They realized CCleaner was a fantastic indirect vector into a whole lot of firms, and god knows what else they've got their fingers in that people haven't noticed since most firms are Equifax level incompetent with security.
macOS by Anonymous Coward · 2017-09-21 07:12 · Score: 0

Glad I use a mac.
AV software? LOLOLOLOL.
1. Re:macOS by Anonymous Coward · 2017-09-21 08:08 · Score: 0
  
  You'll be happy to learn there is a Mac version of CCleaner as well!
2. Re:macOS by Maritz · 2017-09-21 21:39 · Score: 1
  
  There's no doubt you get a certain security through obscurity from using such an unfashionable OS. Following your logic though, your should probably be on BeOS or TempleOS.
  
  --
  I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
Comment removed by account_deleted · 2017-09-21 07:32 · Score: 0

Comment removed based on user account deletion
Does this mean Avast shouldn't be trusted? by RMFconsulting · 2017-09-21 07:57 · Score: 1

I use Avast free for a lot of my clients. Since CCCleaner is run by them, does that imply that I shouldn't trust Avast either?
1. Re:Does this mean Avast shouldn't be trusted? by Anonymous Coward · 2017-09-21 09:49 · Score: 0
  
  If your clients are using Win10, all the evidence shows that Windows Defender will be "good enough". Adding an anti-virus program on Win10 is unnecessary. From there it comes down to individuals practicing 'safe browsing'. You cannot keep someone from going onto sketchy sites and exposing themselves to possible malware/virus downloads (click here). I have a woman who wishes to use her computer to go on to 'coupon clipping' websites, that's when I need to run Malwarebytes every couple of weeks to quarintine then remove PUPS (potentially unwanted programs). Another guy likes to go onto porn sites, told him to use RedTube instead if he really needs to see boobs bouncing. You can't fix stupid, unfortunately. Installing Ghostery and UBlock Origin extensions on Chrome is the best I can do for these people.
2. Re:Does this mean Avast shouldn't be trusted? by Anonymous Coward · 2017-09-21 12:08 · Score: 0
  
  If they have backed up their data somehow on an external hard drive, then just put a clean install of windows from a usb thumbdrive, load their programs back on, and they'll be good to go. As long as they know how to keep their important to them documents/files/photos saved apart from their computer, Avast isn't needed. Google Photos, Drive is all that an average user will need. If they're a large company then they should have an IT people on their payroll who will do all this for them. Anti-virus software is going the way of the dinosaurs. Backup! Backup! Backup!!! For an average person a Chromebook is usually all they need to cruise the internet.
3. Re:Does this mean Avast shouldn't be trusted? by Anonymous Coward · 2017-09-21 12:29 · Score: 0
  
  CCleaner malware outbreak is much worse than it first appeared
  Microsoft, Cisco, and VMWare among those infected with additional mystery payload.
  DAN GOODIN - 9/21/2017, 5:43 PM
  The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence. That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload.
  Talos
  Previously, researchers found no evidence that any of the computers infected by the booby-trapped version of the widely used CCleaner utility had received a second-stage payload the backdoor was capable of delivering. The new evidence—culled from data left on a command-and-control server during the last four days attackers operated it—shows otherwise. Of 700,000 infected PCs, 20 of them, belonging to highly targeted companies, received the second stage, according to an analysis published Wednesday by Cisco Systems' Talos Group.
  Because the CCleaner backdoor was active for 31 days, the total number of infected computers is "likely at least in the order of hundreds," researchers from Avast, the antivirus company that acquired CCleaner in July, said in their own analysis published Thursday.
  From September 12 to September 16, the highly advanced second stage was reserved for computers inside 20 companies or Web properties, including Cisco, Microsoft, Gmail, VMware, Akamai, Sony, and Samsung. The 20 computers that installed the payload were from eight of those targeted organizations, Avast said, without identifying which ones. Again, because the data covers only a small fraction of the time the backdoor was active, both Avast and Talos believe the true number of targets and victims was much bigger.
  More fileless malware
  The second stage appears to use a completely different control network. The complex code is heavily obfuscated and uses anti-debugging and anti-emulation tricks to conceal its inner workings. Craig Williams, a senior technology leader and global outreach manager at Talos, said the code contains a "fileless" third stage that's injected into computer memory without ever being written to disk, a feature that further makes analysis difficult. Researchers are in the process of reverse engineering the payload to understand precisely what it does on infected networks.
  "When you look at this software package, it's very well developed," Williams told Ars. "This is someone who spent a lot of money with a lot of developers perfecting it. It's clear that whoever made this has used it before and is likely going to use it again."
  Stage one of the malware collected a wide assortment of information from infected computers, including a list of all installed programs, all running processes, the operating-system version, hardware information, whether the user had administrative rights, and the hostname and domain name associated with the system. Combined, the information would allow attackers not only to further infect computers belonging to a small set of targeted organizations, but it would also ensure the later-stage payload is stable and undetectable.
  Now that it's known the CCleaner backdoor actively installed a payload that went undetected for more than a month, Williams renewed his advice that people who installed the 32-bit version of CCleaner 5.33.6162 or CCleaner Cloud 1.07.3191 reformat their hard drives. He said simply removing the stage-one infection is insufficient given the proof now available that the second stage can survive and remain stealthy.
  The group behind the attack remains unknown. Talos was able to confirm an observation, first made by AV provider Kaspersky Lab, that some of the code in the CCleaner backdoor overlaps with a backdoor used by a hacking group known both as APT 17 and Group 72. Researchers have tied this group to people in China. Talos also noticed that the command server set the time zone to one in the People's Republic of China
4. Re:Does this mean Avast shouldn't be trusted? by Anonymous Coward · 2017-09-21 12:39 · Score: 0
  
  https://www.us-cert.gov/ncas/current-activity?page=1 Here's where to go to learn about needed updates.
5. Re:Does this mean Avast shouldn't be trusted? by Anonymous Coward · 2017-09-21 12:44 · Score: 0
  
  "malware is only found in the 32 bit version of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191."
  If you used that version, then you need to talk to whomever can make the decision in your company and convince them that your machines can no longer be trusted. Play up what would happen if they were informed, did nothing and sensitive data is leaked.
6. Re:Does this mean Avast shouldn't be trusted? by Maritz · 2017-09-21 21:41 · Score: 1
  
  Another guy likes to go onto porn sites, told him to use RedTube instead if he really needs to see boobs bouncing.
  That's fucking weird.
  In what sense is 'redtube' not a porn site?
  
  --
  I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
7. Re:Does this mean Avast shouldn't be trusted? by david_thornley · 2017-09-22 06:07 · Score: 1
  
  Sketchy sites includes all of those that use third-party ads, which is probably all commercial sites. My wife got infected from the New York Times site once. "Safe browsing" is a myth.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Firewalls are to blame by aberglas · 2017-09-21 11:46 · Score: 1

They give the illusion of security behind the wall.
If everything was exposed naked to the internet, it would have to be designed properly to be secure in the first place.
"Sneaking behind a corporate firewall" only works if the machines behind that wall are not properly protected from each other.
I have to confess by Anonymous Coward · 2017-09-21 12:43 · Score: 0

I have tried to act like creimer on other sites to annoy people.
He's so well known and annoying I'm sure people do it here too.
I have reviewed your post history by Anonymous Coward · 2017-09-21 12:47 · Score: 0

You're almost definitely creimer.
You're violating AUP on sock puppets as well as the personal deal you made with slashdot staff when they tried to help you sort all this out by wiping your 100 accounts and renaming your embarrassing primary account.
I don't know why they help you at all I would have banned your whole C class and called it problem solved.
1. Re:I have reviewed your post history by Anonymous Coward · 2017-09-21 21:47 · Score: 0
  
  Information about Christopher Dale Reimer and autistic people:
  Autistic people have obsessions about things normal people don't care. For example, one of our autistic patient went haywire when he realized that there was a penny missing in his pocket change.
  To calm him down, one of our educator pretended to have found it on the floor and gave a penny to him.
  The autistic patient condition went even worse because he realized it wasn't the same penny!
  Chris has an obsession with budgeting every penny. He doesn't understand that most people do not budget to the penny and have a flexible amount they allow for miscellaneous items.
  I am Nancy Guerrero and I am Director of Special Education for the Santa Clara County Office of Education. We use Chris' (a.k.a. creimer,cdreimer) picture in our document because he is the hardest case we have ever had to handle:
  http://www.sccoe.org/depts/stu...
  Our artists were inspired by the low carb diet that Christopher follows scrupulously for the small lunch box and by the picture linked below for the rest. I am sure that you will notice the similarities such as the bump on the side of his chest and more:
  https://www.cdreimer.com/slash...
  Please be easy on Christopher although, I am aware that some of our staff handling Chris post joke comments here and obvoiusly, the Santa Clara County Office of Education disapprove that behavior vehemently:
  https://school.discoveryeducat...
  But it isn't Chris' fault if he is the way he is. We do the best we can do with him and he is partially integrated into society. We try to cure his abnormal need for attention but he is kind of stubborn and won't listen to anybody.
  Thank You dear users,
  -Nancy Guerrero
Re:Wot- no Story about how Rob Reiner loves slaver by Anonymous Coward · 2017-09-21 21:31 · Score: 0

If you're looking for a TL;DR it's "I'm a simple cunt who blames all his problems on jews, blacks, women, and other favored objects of hate for neckbeard dickheads."