When you have a payload on your low-end C2 server, like Piriform had, and no one from the outside makes you aware of it, you are quite blind to it. The only thing is why Avast did not do proper release management, and when they did, the question is when they realized they had acquired trojaned software, it being wrought by an extra renowned l33t very sophisticated state hacker group like Axiom or Group 72.
All very unfortunate. The latest version of CCleaner has now been checked by all of the AV world and the kitchen sink, so to put it; if anything can be trusted, it is that very download now. ;D Remember these incidents are nasty and unfortunate, but they protect us all from greater woes. There is some positive thing in everything that goes wrong initially. ;D
You might say that the last release of CCleaner is the safest version ever released. It’s fortunate to have received free health care since it’s been under everyone’s microscope.
Agreed. There’s no place safer than the bank the day after the robbery.
In other words, I am still going to use CCleaner and other Piriform products. I just hope they find the culprit (was it an inside job? or, where did the malware come from?) so they can stop it for good.
But, more in general, the CCleaner malware incident makes me wonder: how can I keep my Windows PC safe in a world where even software houses are compromised? It’s not the first time and it won’t be the last.
So far, my anti-malware approach has included the following:
only download from developer/trusted sites,
always multi-scan new software before install, no matter how “trusted” the developer,
watch out for strange behaviors,
keep Windows and other programs “happy” (updated against vulnerabilities),
run real-time AV, use a firewall, set UAC to the max, stay behind a router whenever possible,
disable scripting and stuff like Flash and Java unless on a case-by-case base,
keep 1-2 months’ backup of everything on external disks,
store sensitive data on offline/encrypted drives,
disable Windows autoplay,
keep myself informed about ongoing threats.
I won’t mention the obvious like not clicking any mail attachment, not downloading pirated software, avoiding shady web sites, not logging on to Windows using the administrative account unless strictly necessary.
Looks like all that was not enough, because:
A. I did not check updates, especially automatic updates,
and
B. even if I checked updates, in a case like CCleaner’s the malware went undetected for a month. The same could happen to any other software company.
Bob3160 is right in this respect, certainly and also a bit sadly…
Know that against advanced collision state actor hacking a simple MD5 comparison won’t help,
but it is a quick and dirty check to perform on any download, and a check on VirusTotal that you have the right McCoy there.
MD5 is not safe anymore, again with added threats from downgraded standards provided by organizations like the NSA (who would like to trust a lock given to you by a burglar?). Against targeted attacks from state hackers, the normal user has no defense. You have both arms tied behind your back all the time and the game is “rigged” from the word go by the ‘Forces that Be’.
It should be a concern that the Microsoft Windows certificate store (you find it inside the registry) identifies certificates “uniquely” on the basis of their SHA1, so hash collisions cannot be avoided under all circumstances. SHA1 is also unsafe, yet loads of sites still use it: https://shaaaaaaaaaaaaa.com/
Alas, we do as best we can under the prevailing situation.
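The "quick and dirty" download check discussed above, written out as an added example (not code from the thread or from Piriform/Avast): it streams a file through whatever digests the vendor published, compares them in constant time, and flags the case where only MD5/SHA-1 were available, since a match on those alone is weak evidence against a collision-capable adversary. The sample bytes and file names are constructed for the demo; the digests for them are the standard test vectors.

```python
import hashlib
import hmac
import os
import tempfile

# Algorithms the thread calls out as no longer collision-resistant.
WEAK_ALGORITHMS = {"md5", "sha1"}

# Constructed stand-in for an installer; digests are the well-known "abc" test vectors.
SAMPLE_BYTES = b"abc"
SAMPLE_DIGESTS = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}


def hash_file(path, algorithm, chunk_size=1 << 20):
    """Stream the file through the chosen hash so large installers fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published):
    """Compare a download against published digests ({algorithm: hex}).

    Verdicts: "mismatch" (any digest differs), "weak-only" (all match but only
    MD5/SHA-1 were published, so a substituted file is still possible),
    "ok" (at least one collision-resistant digest, e.g. SHA-256, matches).
    """
    results = {}
    for algorithm, expected in published.items():
        actual = hash_file(path, algorithm)
        same = hmac.compare_digest(actual.lower(), expected.lower())
        results[algorithm] = "match" if same else "mismatch"
    if "mismatch" in results.values():
        results["verdict"] = "mismatch"
    elif all(a.lower() in WEAK_ALGORITHMS for a in published):
        results["verdict"] = "weak-only"
    else:
        results["verdict"] = "ok"
    return results


def demo():
    """Three cases: full digests match, weak digests only, tampered file."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "installer.exe")
        with open(good, "wb") as f:
            f.write(SAMPLE_BYTES)
        weak_only = {k: v for k, v in SAMPLE_DIGESTS.items() if k in WEAK_ALGORITHMS}
        tampered = os.path.join(d, "installer_tampered.exe")
        with open(tampered, "wb") as f:
            f.write(SAMPLE_BYTES + b"\x00")  # one extra byte: every digest changes
        return (verify_download(good, SAMPLE_DIGESTS)["verdict"],
                verify_download(good, weak_only)["verdict"],
                verify_download(tampered, SAMPLE_DIGESTS)["verdict"])
```

Run `demo()` to see the three verdicts; against a real download, pass the path and the digests copied from the vendor's page.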
The statement from Avast was:
“Furthermore, given the clear lack of traffic on Saturdays and Sundays, it would indicate that it wasn’t an Arabic country.”
No Tech companies in China or Russia were on the targeted list.
Before that they also say:
“Given the typical working day starts at 8AM or 9AM, this leads us to the most likely location of the attacker in the time zone UTC + 4 or UTC + 5, leading us to Russia or the eastern part of Middle East / Central Asia and India.”