Avast, Cisco Confirm: CCleaner Malware Targeted Large Technology Companies

Status
Not open for further replies.
I just have 1 question about all of this malware fiasco.

Are the versions before 5.33 infected by this? I own the x64 5.30 version of CCleaner and am wondering whether I should remove CCleaner from my PC and reinstall if necessary.
 
CCleaner seems like an odd way to hit a big company. I doubt it's on the standard install list for any of these companies' IT departments. It might get in around the edges with some BYOD equipment, but that greatly decreases the number of targets. I'm sure CCleaner was an easier target than trying to slip something into Office 365 subscriptions. I'd think an old-fashioned phishing attack would have been easier and less time-consuming.
 
Spike...

Not so unusual, as CCleaner is a relatively robust way to decommission old HDDs (and to some extent SSDs), especially if the business has stored information they wish to remain private. Keep in mind that in a large company (say 100,000 employees) the inventory of deployed systems is fluid and something has to be done to protect their trade secrets.

As directly related to the article, I had 5.33 installed. Since I test various apps on my desktop system, and it varies from client to client, I prefer to do all this from within a VM so my host remains fairly unaffected. One such test (still underway) required the use of CCleaner, and 5.33 was installed and it was infected.

Fortunately this was an installation in a VM only, and therefore no impact on my host system.

Just thought I'd add my $0.02 worth, to let you know that it does impact individual users as well, though the payload was never triggered.
 


I didn't think about the HDD wiper. That actually makes sense then. The drives an IT department is wiping have exactly what the hackers would want.

Most of my experience with IT is at academic institutions. Asking for anything more than a computer with MS Office was almost not worth the effort (and they charged the lab to install software). Everything I see in these forums about bad IT practices is the world I live in. The fact you were using a VM puts you head and shoulders above most of what I've had to put up with. During grad school (2007) my computer was an old XP machine with a public, unfirewalled IP address. Based on how long it took them to roll out SP3, they delayed most patches at least a full year. The only thing between me and the internet was McAfee and a poorly patched Windows XP. They also gave me a laptop with whole-disk encryption that was incompatible with Vista's hybrid sleep (the default). Everyone that got a laptop ended up losing everything at some point, all because they never read the release notes for PGP.
 