Slashdot Mirror

← Back to Stories (view on slashdot.org)

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (wired.com)

Posted by msmash on from the security-woes dept.

An anonymous reader shares a report: Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected. On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 20 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they'd compromised within the company's network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.

7 of 151 comments (clear)

  1. Reflections On trusting trust by goombah99 · · Score: 5, Interesting

    If you never read this essay here it is
    https://www.ece.cmu.edu/~gange...

    Malware is slowly moving up the software chain to where this is becoming increasingly plausible.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  2. Why would those companies use CCleaner? by wardrich86 · · Score: 3, Insightful

    Seems weird that major tech firms would even bother with the likes of CCleaner... I'd assume they'd just re-image the PC's once they start getting fucky. In fact, I"m not even sure that most people use CCleaner.

    1. Re:Why would those companies use CCleaner? by TWX · · Score: 4, Insightful

      If it's simply a hop-off point, all you need is one engineer who operates outside of his IT department whose specific software needs mandate he has local admin rights on his computer. He runs the tool he uses at home instead of calling IT, and suddenly his box is now the initial penetration point to access the company network.

      --
      Do not look into laser with remaining eye.
  3. Re:Problem between keyboard and chair... by TWX · · Score: 3, Insightful

    You clearly overestimate the intelligence of management, supervisors, and service technicians.

    We had a lead technician still trying to use Regclean a few years ago. On Windows 7 and Windows 8.1 computers. Same technician kept setting ethernet interfaces to 10Mbit Half Duplex because he somehow interpreted the time that 10/half was needed to push far beyond the 100m channel-length for a waaaaay overlength data drop as the Setting That We Should All Set.

    My point is that a lot of myth and misunderstanding goes into IT, and often we get good results despite the stupidity, rather than because of it. I have no doubt that some technicians swore by CCleaner and used it in the corporate setting, and some IT departments even routinely used it in lieu of reimaging infected computers.

    --
    Do not look into laser with remaining eye.
  4. Re:And people thought I was crazy... by TWX · · Score: 2, Insightful

    To restate for the mentally impaired, by targeting 32 bit computing platforms as this infection did, it naturally filters-out nearly all home computers. That means that the majority of computers that get infected and phone-home are business computers, which is what they want to target.

    A business is a place where people go to make money. Except your mom, she goes to the local street corner, which is how she got saddled with you.

    --
    Do not look into laser with remaining eye.
  5. Re:Don't trust foreign sources for apps by Vlad_the_Inhaler · · Score: 4, Insightful

    All I have learned from Kaspersky is that some politician alleged Kaspersky may possibly be spying. No evidence, nothing. Nothing to indicate the politician knows anything above the Internet consisting of virtual tubes either. Everything else followed on from there.
    I actually trust Kaspersky to do the job more than I trust a lot of the competition, they have discovered some serious state-sponsored malware in the past. I don't know if Symantec still make virus scanners but when Google, Mozilla et al start initiating the process to "untrust" their certificates, I wouldn't run one of their scanners in a sandbox.

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  6. Re:Nope. by SilentChasm · · Score: 2

    To do that, you would first need to make sure that the programs could be built with deterministic compilation. I don't believe that many projects have put in the time necessary to do that. That also ignores any optimizations or other features different compilers may use on the source code when compiling it.

    https://en.wikipedia.org/wiki/Deterministic_compilation