Rich Freeman on 21 Sep 2017 10:42:32 -0700
Re: [PLUG] o/t CCleaner
On Thu, Sep 21, 2017 at 10:35 AM, Tim Allen <tim@peregrinesalon.com> wrote:
> It gets worse:
>
> http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html?m=1
>
> "These findings also support and reinforce our previous recommendation that
> those impacted by this supply chain attack should not simply remove the
> affected version of CCleaner or update to the latest version, but should
> restore from backups or reimage systems to ensure that they completely
> remove not only the backdoored version of CCleaner but also any other
> malware that may be resident on the system."
>

This should have been completely obvious already.

If somebody has been running arbitrary code on your system then anything that could be touched by that code is potentially compromised. If the code was running as root/admin/etc then that means the entire system.

If you have backups you should probably be falling back to them even if you don't think they were running as root just to be safe.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug