ccleaner forum hacked?

Discussion in 'malware problems & news' started by stapp, Nov 2, 2012.

Thread Status:
Not open for further replies.
  1. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,288
    Location:
    England
    I cannot get the forum page up at the moment. It shows an error.

    MSE also came up with an Exploit which it removed (I was using Sandboxie anyway).

    MBAM is also blocking it.
     

    Attached Files: cc.JPG (88.2 KB), nasty.JPG (137.8 KB)
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Showing a flag via ESET here.
     

  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Thanks Stapp :)

    java applet, exploit

    +pdf, exploit.

    Upped to virustotal.

    edit:

    VT hashes - #search
    SHA256: 9eed1841380772cfe9a1c27f40327dd717eff8d225163fbe3748063f2b7e5db0
    SHA256: 433def6617e3d1167a974afa0c9275e4e900caa68ac415f05186c2ad76dc50b2
     
    Last edited: Nov 2, 2012
  4. schrauber

    schrauber Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    1
    Thanks for the info stapp :)
     
  5. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    499
    Location:
    Nottingham
    I have a question please: when I went to the site, Malwarebytes blocked it. Yet there are no entries in the Avira events. I see that in the V.T results Avira does detect this java exploit.
    In the MBAM logs it says IP-BLOCK 46.166.147.133 (Type: outgoing, Port: 49920, Process: avwebgrd.exe )
    So I am slightly confused. Avira webguard is not seeing this, right?
    Thanks in advance
     

  6. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    I just tried it and Norton blocked it too, "Mass injection website"!
     
  7. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    570
    Location:
    Bosnia
    KAV did the same.

    solve-putted.php Blocked:-http://46.166.147.133/m7md305/trial/solve-putted.php- (analysis using the database of malicious URLs) 2.11.2012. 11:38:53 -http://46.166.147.133/m7md305/trial/-
     
    Last edited by a moderator: Nov 2, 2012
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Same here for the Error but no detection from Bitdefender. It blocks the above URL by c2d.
     
  9. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Please do us all a favor and unlink both URLs. Thanks.
     
  10. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    I'm worried about hazelnut. Hope she is safe!
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    No such problem getting to that forum for me.
    MBAM Website Blocking was silent.
    Norton DNS was silent.
    No other security app displayed any issue with the forum.
     
  12. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    No issue here either, Avast never said a word nor did Chrome. I guess they either fixed it or some clown made a spam post with an exploit in it.
     
  13. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    It was real! Talking about it on their forum.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I never questioned that it was real... just reporting that when I tried there was no issue. ;)
     
  15. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Nor did I question there might have been an issue. Forums don't have to be hacked however for security software to go off. One malicious post in an otherwise clean forum will set software like MBAM off. I've had Avast and Chrome block entire websites for a single link on a page. I'm glad it got settled though.
     
  16. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    She is :)
     
  17. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    No physical harm came to anyone involved.
     
  18. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Thread at the Piriform forum:
    -http://forum.piriform.com/index.php?showtopic=37118

    IMHO it would be good that the Piriform owner(s) explain what happened.
     
  19. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    @ FanJ, An explanation from the owners would be nice.
     
  20. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Exactly, Dark Shadow. No security by obscurity.
     
  21. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    That link points back to this thread!!
    The onus on the site owners is, keep those that visit from getting infected, find what the site was designed for, they are under no obligation to explain what occurred at any time other than there was some down time. The event has been fixed, it's all over.
     
  22. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Yes, I am aware of that.

    We have different opinions.
     
  23. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    No one is owed an explanation because site administration is not the business of anyone but the site administrators/owners. Besides, the moment they open up that can of worms, every armchair security "expert" on their forum and elsewhere (here being one of them) along with those that wouldn't know an AV from an RV, will start chiming in on what should be done according to them and how they were "failed" and other nonsense. And, of course, here it would turn right into another "Hey Bob, what's your setup?" mid-thread. I'm sorry, but outside of their actual product information and issues, they don't report to us users. It was, it looks to be, just another of the prevalent website hacks we all have to deal with these days and it was dealt with. Time to move on.
     
  24. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  25. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    No, I disagree. Not time to move on.
     