The Horror of CCleaner
<blockquote data-quote="cruelsister" data-source="post: 682964" data-attributes="member: 7463"><p>There was indeed no defense for it, at least the initial installation. This was a high quality hack- a legitimately signed application was downloaded from a company specific (and also legitimate) server. This meant that those responsible had both the Private Key to sign and the FTP credentials to upload the file. Doing both is not an easy thing to do (nor inexpensive).</p><p></p><p>Creating a test of this malware versus anything is rather pointless now as everyone and their Cat knows about it, and saying "My AV detects it now!" is equally without value. Remember that the initial detection was by someone stumbling on to a connection to a California server that had hosted malware in the past, and this after a month- by this time the actual payloads had been uploaded to those targeted. From Zero day to D+30 no security product detected anything. It can't be said enough that this was a targeted attack against the likes of Samsung, Intel, VMware, etc and NOT something that peons like us need to worry about.</p><p></p><p>What we DO need to worry about (and why I did the video) is that this was the best public example of the Nightmare Scenario- that being a trusted application from a trusted source gone rogue. There is nothing at all we can do to defend ourselves from stuff like this, but instead this demonstrates the Half-assed manner in which both credentials for Trusted Certificates and FTP logon credentials are secured. That should darken anyone's day.</p></blockquote><p></p>