![]() ![]() ![]() ![]() All in front of the digital signature being applied. #CCLEANER CLOUD SCHEDULER INSTALL#And if there were additional files, their install scripts as well. Someone would have infiltrated their source code. This wan't a simple 'some hacker' dropped a file(s) on a hacked server. I wonder if Piriform was using source control software (I have brought this up before.) Most commercial software companies do. As an IT director and project manager at a software company. The "64 Thousand Dollar Question" is why didn't Webroot notify anyone about it?Ĭlick to expand.I hate to be this guy but these are things I have been thinking about since before they were brought up. Since the malware was installed on the server, there very well might be an undiscovered worm component to this attack. Suspect that the attacker was running limited "trial runs" of the malware to test it out and to determine the effectives of his backdoor code against existing detection by security products.ģ. The attacker had access to Piriform servers much early that has been reported.Ģ. Upon examination, he found the malware on his server but CCleaner had never been installed on any of his servers.ġ. The poster was receiving alerts from Webroot in late June about backdoor activity originating from CCleaner by one of his client's endpoint devices. installation and obviously not one of the high value corps. There is an interesting comment to the Cisco blog posting in regards to the initial attack and backdoor analysis that I am posting below. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |