- Apr 13, 2013
- 3,147
Hi guys! This one is too funny (absolutely pathetic) to let slide:
Those that followed the CCleaner malware story from day 1 may remember that Cisco stated that the CCleaner malware was discovered while beta testing one of their security products. Although that original blog was been removed, it was paraphrased in this article: https://arstechnica.com/information...d-in-legitimate-software-updates-to-ccleaner/
"In a blog post this morning, Cisco Talos Intelligence's Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams reported that Talos had detected the malware during beta testing of a new exploit-detection technology."
Turns out that was a total lie- both Piriform and Cisco were notified by a company called Morphisec on September 12th. Cisco then did a little look-see and notified Avast 2 days later, then took public credit for the discovery on September 18th.
Apparently (and understandably) Morphisec got pissed and now Cisco has redacted the original post of September 18th (somewhat) to include this :"Update 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and reported separately to Avast" and the Cisco beta testing drivel was deleted.
Finally, even Morphisec was also deceptive in this as the original indicator of compromise (the Outbound connection to 216.whatever) was discovered by a user of their product that happened to monitor unusual Outbound connections on their system. But you will still see some nebulous reference to a magic dll from which all was made clear.
One can't trust anyone anymore, can one?
Those that followed the CCleaner malware story from day 1 may remember that Cisco stated that the CCleaner malware was discovered while beta testing one of their security products. Although that original blog was been removed, it was paraphrased in this article: https://arstechnica.com/information...d-in-legitimate-software-updates-to-ccleaner/
"In a blog post this morning, Cisco Talos Intelligence's Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams reported that Talos had detected the malware during beta testing of a new exploit-detection technology."
Turns out that was a total lie- both Piriform and Cisco were notified by a company called Morphisec on September 12th. Cisco then did a little look-see and notified Avast 2 days later, then took public credit for the discovery on September 18th.
Apparently (and understandably) Morphisec got pissed and now Cisco has redacted the original post of September 18th (somewhat) to include this :"Update 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and reported separately to Avast" and the Cisco beta testing drivel was deleted.
Finally, even Morphisec was also deceptive in this as the original indicator of compromise (the Outbound connection to 216.whatever) was discovered by a user of their product that happened to monitor unusual Outbound connections on their system. But you will still see some nebulous reference to a magic dll from which all was made clear.
One can't trust anyone anymore, can one?
