A cyber-attack revealed this week which spread via the popular performance optimization tool CCleaner was designed to target several major technology firms, it has emerged.

Updates from both Cisco Talos and Avast – the company which now owns CCleaner developer Piriform – explained that, contrary to initial impressions, a second-stage payload was delivered from the C&C server.

Server logs indicate eight tech and telecoms firms received the payload, with potentially hundreds of machines infected – although only 20 were spotted during the three days for which logs were collected, according to an update from Avast CEO Vince Steckler and CTO Ondrej Vlcek.

The initial attack affected 2.27 million CCleaner customers, meaning the collateral damage was huge.

“Given that CCleaner is a consumer-oriented product, this was a typical watering hole attack where the vast majority of users were uninteresting for the attacker, but select ones were,” said the duo.

Avast refused to name the targets publicly. However, a screenshot provided by Cisco Talos showed a number of domains that the attackers were looking to compromise, including ones linked to Sony, Microsoft, VMware, Vodafone, O2, Singtel, Linksys, Gmail, D-Link, Intel, Samsung, HTC and Cisco itself.

Cisco suggested this evidence reveals “a very focused actor after valuable intellectual property.”

The complex second-stage payload comes in two parts: the first contains the main business logic and is heavily obfuscated, using anti-debugging and anti-emulation techniques to stay hidden from security tools.

“Much of the logic is related to the finding of, and connecting to, yet another CnC server, whose address can be determined using three different mechanisms: 1) an account on GitHub, 2) an account on Wordpress, and 3) a DNS record of a domain (name modified here),” explained Steckler and Vlcek.

“The second part of the payload is responsible for persistence… Structurally, the DLLs are quite interesting because they piggyback on other vendors’ code by injecting the malicious functionality into legitimate DLLs.”

Affected users were urged not merely to remove CCleaner or update to the latest version, but to restore from backups or re-image systems to ensure that they completely remove both the backdoored CCleaner version and any other malware that may be on the system.