|
But doctor...I am Pagliacci
|
#
?
Sep 18, 2017 16:23
|
|
|
|
| # ? Apr 28, 2024 20:07 |
|
|
Potato Salad posted:CCleaner Also they got hacked http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
|
|
#
?
Sep 18, 2017 18:32
|
|
|
Potato Salad posted:CCleaner lol
|
|
#
?
Sep 18, 2017 18:35
|
|
|
"Hi there's a payload on our installer that we didn't know about" I actually want to see if cylance picks this up, pinging a consultant
|
|
#
?
Sep 18, 2017 18:39
|
|
|
Potato Salad posted:"Hi there's a payload on our installer that we didn't know about"
|
|
#
?
Sep 18, 2017 18:58
|
|
|
https://nakedsecurity.sophos.com/2017/09/17/vevo-hacked-3-12-tb-of-data-leaked/quote:Vevo hacked, 3.12 TB of data leaked aaahaahahaahhaahahahahaha
|
|
#
?
Sep 18, 2017 19:40
|
|
|
Heh, almost everyone on virustotal misses it.
|
|
#
?
Sep 18, 2017 19:41
|
|
|
Potato Salad posted:Heh, almost everyone on virustotal misses it. Who didn't?
|
|
#
?
Sep 18, 2017 19:44
|
|
|
The Fool posted:Who didn't? ClamAV; I am not familiar with it
|
|
#
?
Sep 18, 2017 19:45
|
|
|
CLAM DOWN posted:https://nakedsecurity.sophos.com/2017/09/17/vevo-hacked-3-12-tb-of-data-leaked/ Unreal. I love this.
|
|
#
?
Sep 18, 2017 19:48
|
|
|
Potato Salad posted:ClamAV; I am not familiar with it I've never used it, but it's gimmick is that it is open source and community managed. AFAIK, it's signature based.
|
|
#
?
Sep 18, 2017 19:50
|
|
|
De-escalation training, day 1: Don't tell someone to gently caress off from the outset.
|
|
#
?
Sep 18, 2017 19:51
|
|
|
anthonypants posted:It's bad, its only use is to be a red flag when you see people install it or hear people talk about it. These kinds of attacks suck because they encourage people not to keep their software updated, exposing them to more vulnerabilities.
|
|
#
?
Sep 18, 2017 20:12
|
|
|
probably not the best policy for extortion attempts
|
|
#
?
Sep 18, 2017 20:12
|
|
|
Potato Salad posted:ClamAV; I am not familiar with it Yeah, they probably just ripped the hashes out of the blog post and threw them up there. I'm working with Symantec to get their sigs updated to check for it, though Cisco picked up on it in the first place because it was tripping their heuristics engine and the other vendors will probably want to look at theirs and figure out why theirs didn't catch wind of it.
|
|
#
?
Sep 18, 2017 20:15
|
|
|
CLAM DOWN posted:https://nakedsecurity.sophos.com/2017/09/17/vevo-hacked-3-12-tb-of-data-leaked/ 
|
|
#
?
Sep 18, 2017 20:45
|
|
|
CLAM DOWN posted:https://nakedsecurity.sophos.com/2017/09/17/vevo-hacked-3-12-tb-of-data-leaked/ That guy is super smart.
|
|
#
?
Sep 18, 2017 20:50
|
|
|
I wonder if Defender ATP picked it up, I'm not too familiar with the solution but it sounds like something it'd detect
|
|
#
?
Sep 18, 2017 20:54
|
|
|
Anyone going to be at Derbycon this weekend?
|
|
#
?
Sep 18, 2017 21:16
|
|
|
CLAM DOWN posted:https://nakedsecurity.sophos.com/2017/09/17/vevo-hacked-3-12-tb-of-data-leaked/ Man Stabbed posted:What are you gonna do? Stab me?
|
|
#
?
Sep 18, 2017 21:49
|
|
|
anthonypants posted:It's bad, its only use is to be a red flag when you see people install it or hear people talk about it. edit: actually, also, why does Windows only let you uninstall one program at a time, what data collision is it trying to prevent? DACK FAYDEN fucked around with this message at 22:05 on Sep 18, 2017 |
|
#
?
Sep 18, 2017 22:03
|
|
|
Is Revo Uninstaller still a thing? Probably that.
|
|
#
?
Sep 18, 2017 22:04
|
|
|
yeah i'm sure the malware made sure to hook into the uninstaller as well, nevermind the other secondary payloads that haven't been found
|
|
#
?
Sep 18, 2017 22:08
|
|
|
5.33 are the versions that had the malware, right? I believe they released 5.32 like in June or July then 5.33 in August.
|
|
#
?
Sep 18, 2017 22:15
|
|
|
Three-Phase posted:5.33 are the versions that had the malware, right? I believe they released 5.32 like in June or July then 5.33 in August. (the free version doesn't autoupdate so I am totally fine but I'm still gonna get rid of it because where there's one breach...)
|
|
#
?
Sep 18, 2017 22:37
|
|
|
DACK FAYDEN posted:edit: actually, also, why does Windows only let you uninstall one program at a time, what data collision is it trying to prevent?
|
|
#
?
Sep 19, 2017 01:36
|
|
|
General ITSEC question - how do criminals afford "junk domains" or whatever you'd call them to host malware/spyware or do command and control and so forth? A single .com domain can be like $10 or more a year, how do they register dozens or hundreds of "kj9fslidjflskdjgflkjdfg dot zyx" or whatever domains? Or are there just really, really shady registrars that are like "LOL OK here's a thousand domains whatever"?
|
|
#
?
Sep 19, 2017 02:38
|
|
|
Three-Phase posted:General ITSEC question - how do criminals afford "junk domains" or whatever you'd call them to host malware/spyware or do command and control and so forth? A single .com domain can be like $10 or more a year, how do they register dozens or hundreds of "kj9fslidjflskdjgflkjdfg dot zyx" or whatever domains? They make up for it by making renewals really expensive, but malware vendors or spammers don't have to worry about that. anthonypants fucked around with this message at 02:43 on Sep 19, 2017 |
|
#
?
Sep 19, 2017 02:41
|
|
|
Three-Phase posted:General ITSEC question - how do criminals afford "junk domains" or whatever you'd call them to host malware/spyware or do command and control and so forth? A single .com domain can be like $10 or more a year, how do they register dozens or hundreds of "kj9fslidjflskdjgflkjdfg dot zyx" or whatever domains? I registered a .stream domain for 10 years for $2/year
|
|
#
?
Sep 19, 2017 03:03
|
|
|
I did have one other question and frankly I didn't see any other category on SH/SC for this kinda' thing (if there is a better thread for this PLEASE point it out to me!) Do you guys have any suggestions on companies that will just hold a domain name(s) for someone without hosting? Just to hold the domain name and do privacy protection for the WHOIS stuff. I was looking at moving domains to NameCheap but I am not sure if you can just transfer them domains without hosting.
|
|
#
?
Sep 19, 2017 03:41
|
|
|
I don't think any of the registrars force you to take hosting. Just buy the domain name (may or may not get free WHOIS privacy, depending on promos and stuff) and think about hosting and other stuff later.
|
|
#
?
Sep 19, 2017 03:43
|
|
|
Yeah I'm sitting on like 3 domains because I thought about maybe doing something with them some day. They're cheap.
|
|
#
?
Sep 19, 2017 03:46
|
|
|
Do registrars still allow domain preview? I know that was how malware used to pick up their domains.
|
|
#
?
Sep 19, 2017 03:50
|
|
|
duz posted:Do registrars still allow domain preview? I know that was how malware used to pick up their domains. Like a "try before you buy" or a refund on domains? Sounds like a really bad idea... PS - thanks for the information and help you guys have been providing - I appreciate it.
|
|
#
?
Sep 19, 2017 03:56
|
|
|
FWIW my fav registrar is Gandi and they bundle whois protection into their prices. Hosting is completely optional.
|
|
#
?
Sep 19, 2017 04:00
|
|
|
duz posted:Do registrars still allow domain preview? I know that was how malware used to pick up their domains. The practice was called "domain tasting". ICANN eventually added a $0.20 fee for domains cancelled within the initial five day grace period, which reduced it somewhat as before that it cost nothing. In 2009 they limited it even further, to the point nobody really does it anymore. Now you just buy it for the year and see how it goes. I run a small domain reseller and absolutely love scammers. They register domains, the domains get suspended, I keep their money  Edit: Scammers are bad. Scammers wasting their cash is good. yoloer420 fucked around with this message at 06:45 on Sep 19, 2017 |
|
#
?
Sep 19, 2017 06:38
|
|
|
Potato Salad posted:CCleaner I'm traveling this week for work so I can't check at home, but I think I might have installed that version that got hacked (I use it for their "secure delete" of files feature). gently caress. Do we know exactly what it does/did? Am I glad I 2FA everything...
|
|
#
?
Sep 19, 2017 08:13
|
|
|
The writeup from Avast claims that they neutered the C&C servers before any kind of payload could occur, though how they are actually confirming that claim is a bit of a mystery. It was arbitrary code installed as System so the worst case persistent rootkit is a possibility though considering the visibility they PROBABLY cleaned things up for the majority of users.
|
|
#
?
Sep 19, 2017 15:31
|
|
|
BangersInMyKnickers posted:The writeup from Avast claims that they neutered the C&C servers before any kind of payload could occur, though how they are actually confirming that claim is a bit of a mystery. It was arbitrary code installed as System so the worst case persistent rootkit is a possibility though considering the visibility they PROBABLY cleaned things up for the majority of users. not quite sure how they'd be able to make such a bold claim given the window of infection and degree of invasive analysis required to detect that weeks later, but that's their side of the matter Wiggly Wayne DDS fucked around with this message at 15:56 on Sep 19, 2017 |
|
#
?
Sep 19, 2017 15:46
|
|
|
|
| # ? Apr 28, 2024 20:07 |
|
|
So, before the hack, why was CCleaner bad? Just placebo software?
|
|
#
?
Sep 19, 2017 15:49
|
|
