From: Nick S. <in...@in...> - 2014-01-15 10:42:12

Thanks Jason.

CamStudio forum admin password has been changed as has FTP etc passwords on the server...

Cheers

Nick :o)

On Wed, Jan 15, 2014 at 4:51 AM, Terry Leigh Britton <ter...@gm...> wrote:

> Thanks, Jason - So, everyone - change your CamStudio forum password at the
> very least, and perhaps other passwords as well.
>
> Terry
>
> *"Action springs not from thought, but from a readiness for
> responsibility.”* -* Dietrich Bonhoeffer *
>
> *"Helping others in whatever way one can is a most pleasant way to spend
> one's lifetime." *- *Terry Leigh Britton*
>
>
> On Tue, Jan 14, 2014 at 11:48 PM, Jason Goodman <jas...@gm...> wrote:
>
>> I do computer security for a living these days, so I tend to react to the
>> worst case scenario / paranoid side of things. That being said, this should
>> be considered a serious security incident.
>>
>> If I downloaded and ran the malware from the link that was on the
>> camstudio site, I would change all of my personal passwords. I don't know
>> exactly which passwords it stole, but it could theoretically have stolen
>> any you have saved anywhere on your computer or have typed in since then.
>> If you ran the malware a good virus scan is probably in order as well.
>>
>> Even if you did NOT download and run the malware, you should still change
>> the password you use for the camstudio forum. The attacker likely has
>> access to the hashed version of this password, and using various techniques
>> may recover the plaintext password. If you use your camstudio forum
>> password with the same or similar email addresses on other sites, it would
>> be a good idea to change your password on those other sites as well.
>>
>> Hope that helps,
>> Jason
>>
>>
>> On Tue, Jan 14, 2014 at 8:17 PM, Terry Leigh Britton <ter...@gm...> wrote:
>>
>>> Jason,
>>>
>>> Well, Shiver me timbers to their raw bones! Guess I'd better change some
>>> passwords - you do mean it grabs personal passwords from a user's machine,
>>> correct?
>>>
>>> Terry
>>>
>>> *"Action springs not from thought, but from a readiness for
>>> responsibility.”* -* Dietrich Bonhoeffer *
>>>
>>> *"Helping others in whatever way one can is a most pleasant way to spend
>>> one's lifetime." *- *Terry Leigh Britton*
>>>
>>>
>>> On Tue, Jan 14, 2014 at 11:56 AM, Jason Goodman <jas...@gm...> wrote:
>>>
>>>> Hi Terry,
>>>>
>>>> I only looked into it long enough to verify it was not CamStudio and
>>>> likely malicious. As best I could tell, it was flagged by all of the AVs
>>>> using generic password grabbing signatures rather than a signature for a
>>>> specific piece of malware.
>>>>
>>>> If I had to speculate, my guess of what happened is that an attacker
>>>> discovered a vulnerability, or developed an exploit for a published
>>>> vulnerability, on an outdated version of the forum software. They then
>>>> performed manual or automated scans of the internet looking for vulnerable
>>>> forums. They found CamStudio. My best guess is they used CVE-2013-3527
>>>> which enabled them to dump passwords from the forum. Was one of the admin
>>>> passwords for the forum the same as used to access cPanel? Either way, they
>>>> eventually gained access to the server and saw they could distribute
>>>> malware via our download link. They used a generic application that stole
>>>> saved passwords for as many applications as possible and shipped them back
>>>> to the attacker. As best I can tell this password grabber does not have a
>>>> well known name.
>>>>
>>>> Other Possible Forum Vulnerabilities:
>>>>
>>>> http://www.cvedetails.com/vulnerability-list/vendor_id-11325/product_id-20496/Vanillaforums-Vanilla-Forums.html
>>>>
>>>> Jason
>>>>
>>>>
>>>> On Mon, Jan 13, 2014 at 4:50 PM, Terry Leigh Britton <ter...@gm...> wrote:
>>>>
>>>>> Jason,
>>>>>
>>>>> Could you tell which virus it was?
>>>>>
>>>>> Terry
>>>>>
>>>>> *"Action springs not from thought, but from a readiness for
>>>>> responsibility.”* -* Dietrich Bonhoeffer *
>>>>>
>>>>> *"Helping others in whatever way one can is a most pleasant way to
>>>>> spend one's lifetime." *- *Terry Leigh Britton*
>>>>>
>>>>>
>>>>> On Mon, Jan 13, 2014 at 11:29 AM, Jason Goodman <jas...@gm...> wrote:
>>>>>
>>>>>> All,
>>>>>>
>>>>>> After seeing the traffic on sourceforge, I looked at the main
>>>>>> download link on camstudio.org.
>>>>>>
>>>>>> It IS a virus. It IS NOT a false positive from the adware installer.
>>>>>>
>>>>>> I suspect that camstudio.org was compromised and the real download
>>>>>> was replaced with a trojan. This should be fixed ASAP.
>>>>>>
>>>>>> Jason
>>>>>>
>>>>>> _______________________________________________
>>>>>> Camstudio-devs mailing list
>>>>>> Cam...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/camstudio-devs