Rich Freeman on 21 Sep 2017 10:42:32 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] o/t CCleaner

On Thu, Sep 21, 2017 at 10:35 AM, Tim Allen <> wrote:
> It gets worse:
> "These findings also support and reinforce our previous recommendation that
> those impacted by this supply chain attack should not simply remove the
> affected version of CCleaner or update to the latest version, but should
> restore from backups or reimage systems to ensure that they completely
> remove not only the backdoored version of CCleaner but also any other
> malware that may be resident on the system."

This should have been completely obvious already.

If somebody has been running arbitrary code on your system then
anything that could be touched by that code is potentially
compromised.  If the code was running as root/admin/etc then that
means the entire system.  If you have backups you should probably be
falling back to them even if you don't think they were running as root
just to be safe.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --