I would be suspicious if you had installed the binary at some point, but the scan did not find anything.
I read most of the Avast analysis, linked from Vimes' reference; they do not seem to acknowledge collaboration with other antivirus teams (pride - lol)
and their principal justification not to reformat from here is - the attack was targeted at particular corporate addresses, not the little guy.
Finally, it is extremely important to us to resolve the issue on customer machines. For consumers, we stand by the recommendation to upgrade CCleaner to the latest version (now 5.35, after we have revoked the signing certificate used to sign the impacted version 5.33) and use a quality antivirus product, such as Avast Antivirus. For corporate users, the decision may be different and will likely depend on corporate IT policies. At this stage, we cannot state that the corporate machines could not be compromised, even though the attack was highly targeted.
The analysis here,
with flow charts showing attack strategy and including examples of data shared by the compromised machines, seems much better structured to me,
and includes these comments
During the compromise, the malware would periodically contact the C2 server and transmit reconnaissance information about infected systems. This information included IP addresses, online time, hostname, domain name, process listings, and more. It's quite likely this information was used by the attackers to determine which machines they should target during the final stages of the campaign.
...
When combined, this information would be everything an attacker would need to launch a later stage payload that the attacker could verify to be undetectable and stable on a given system.
Also, even for corporate customers, the man-hour cost of a reformat to the business is large, and personally there would be several days of work, restoring programs and config for different programs (browsers/Plex/MS tools, etc etc) - you have a very simple setup if you can do this in an hour.