DBSA:2015-0001

From Digibase Knowledge Base
Revision as of 23:25, 29 March 2015 by Kradorex Xeron (talk | contribs) (Created page with "{{DBSAHEAD | TITLE=Puush.me/Puu.sh Compromised, Malware Distributed | KEYWORDS=puush.me, puu.sh, Puush, malware, compromise, malware }} '''DBSA ID:''' {{PAGENAME}} '''Regard...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.

Digibase Security Advisory - Puush.me/Puu.sh Compromised, Malware Distributed

Keywords: puush.me, puu.sh, Puush, malware, compromise, malware

DBSA ID: 2015-0001

Regarding: Puush.me Compromised, Malware Distributed

Writeup: Kradorex Xeron (talk) 23:25, 29 March 2015 (EDT)

Date: 2015 03 30

Last Modified: 20150329232504 by Kradorex Xeron

Who should take note: All Puush Users, especially users of Puush Windows client

Classification

Priority: HIGH

Rationale: Confidential user data on infected systems may be compromised, it is essential to limit the scope of compromised data.

Severity: MODERATE

Rationale: Malware is a trojan horse that may download and install additional malware. User internet traffic may be compromised with malware present.

Spread of Issue: SINGLE-PLATFORM MODERATE

Rationale: Puush.me is a fairly known service.

Description

Puu.sh aka Puush.me aka Puush is a file sharing and distribution service that users may easily upload files from their computers and make them available to others. The service is targetted toward media sharing. There has been recently an incident whereas an update uploaded to the vendor's servers had become compromised that resulted in malware being included in an update issued to users. This malware is known as QVM03.0.Malware and has been identified to contact foreign servers and tamper with proxy server settings, file extensions and install additional malware.

The Puush service itself is not believed to be compromised as a result of this incident.

Mitigation/Solution

The vendor has issued a secondary update that removes the malware, however it is strongly advised to scan with a full antimalware software such as MalwareBytes (https://www.malwarebytes.org/) for any additional malware as the included update fix and traditional antivirus may not detect this specific malware. The download and use of Adwcleaner (http://www.bleepingcomputer.com/download/adwcleaner/) may also be performed to identify if any additional tampering has been performed.

References

Retrieved from "http://kb.digibase.ca/index.php?title=DBSA:2015-0001&oldid=744"