CCLEANER MALWARE EXECUTION WAIT TIME UPDATE

Version 5.33 of the popular machine cleaner CCleaner has been compromised to deliver the Floxif malware as an injected DLL. Older and newer versions are not affected, and Avast (CCleaner's owner) claims that simply updating to 5.34 removes the malware.

Talos discovered that the supposedly sleeping or idle infection was actually filtering for specific targets on the C&C (command and control) server. After analysing the server code, they discovered an interesting list of domains of possible targets, including Cisco, Samsung and other big corporations. They also found that machines from these organizations (20 machines) got a second-stage payload. As of now, we don't know what this second-stage infection is doing.

Another registry key was also found storing malware (later executed by the infection):

HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\001
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\002
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\003
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\004
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\HBP

What happened?

Every big software company uses "continuous integration and deployment", a methodology that allows easier, faster and safer software updates (with testing). Usually, this requires a dedicated machine where the source code is compiled into the new binary/installer.
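As an added example (not from the original article or from Talos), the following PowerShell triage check sweeps a host for the WbemPerf registry keys listed above and, where one exists, reports every value stored under it with its type and size so an analyst can see what is sitting there. It assumes it is run with administrative rights on the machine being inspected.

```powershell
# Added triage example: look for the WbemPerf keys named in the article as
# storage for the second-stage payload. Assumes an elevated session.
$suspectKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\001',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\002',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\003',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\004',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\HBP'
)

$findings = foreach ($key in $suspectKeys) {
    # Absent key: nothing to report for this indicator.
    if (-not (Test-Path -LiteralPath $key)) { continue }

    $item = Get-Item -LiteralPath $key
    # Report each value under the key; the article describes malware being
    # stored here, so large binary values are what the analyst should inspect.
    foreach ($name in $item.GetValueNames()) {
        $data = $item.GetValue($name)
        $size = if ($data -is [byte[]]) { $data.Length } else { ($data | Out-String).Length }
        [pscustomobject]@{
            Key       = $key
            ValueName = if ($name) { $name } else { '(Default)' }
            Kind      = $item.GetValueKind($name)
            Bytes     = $size
        }
    }
}

if ($findings) {
    # Presence of any of these keys matches the article's description of a
    # machine that received the second-stage payload; preserve the host for IR.
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'None of the listed WbemPerf keys are present on this host.'
}
```

Absence of the keys only shows this particular indicator is not present; it does not by itself prove the host never ran the trojanised 5.33 build.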