![]() ![]() In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm. Users of CCleaner Cloud version have received an automatic update. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v users to the latest version. We also immediately contacted law enforcement units and worked with them on resolving the issue. Based on further analysis, we found that the version of CCleaner and the version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. On September 18, Piriform released the following statement from their VP of Products, Paul Yung.Ī suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version of CCleaner, and CCleaner Cloud version, on 32-bit Windows systems. Ransomware is becoming a troubling trend, and if hackers are able to infect infect update servers they can spread malware to as many machines as possible.CCleaner is a free tool offered by Piriform, a subsidiary of Avast, used to wipe a computer's cache. Last week, Avast discovered CCleaner had a back door installed allowing attackers to gain access to computers with this program. For example, earlier this year, it was found that a breach at Ukranian software company MeDoc was responsible for the NotPetya ransomware. While Avast got in front of the issue and resolved it without incident, smaller companies might not be able to react so quickly. ![]() The impact on you at home: While personal users within the target area shouldn’t see any impact from this attempted attack, it’s still a scary notion. If you’re affected, Cisco Talos recommends using a backup to restore your PC to a state prior to August 15, 2017, which is when the hacked version was released. You’ll also want to perform an antivirus scan on your computer. Previous releases are also still available on the company’s website, but the infected version has been removed from the company’s servers. Personal users can download CCleaner 5.34 from Avast’s website if they haven’t already done so. Cisco Talos suspects the attackers planned to use the malware to conduct industrial espionage. “Given that the logs were only collected for little over three days, the actual number of computers that received the 2nd stage payload was likely at least in the order of hundreds,” Avast says.Ĭisco Talos also studied the malware’s command server and reports that it was attempting to infiltrate PCs in technology organizations, including Intel, Samsung, HTC, VMWare, Cisco itself, and others. Update: On September 21, Avast revealed that the malware was designed to deliver a second-stage payload to infected computers in specific organizations, and at least 20 machines across eight companies contacted the command and control server. The intent of the attack is unclear at this time, though Avast says the code was able to collect information about the local system. Most reassuringly, Yung states that Avast was seemingly able to disarm the threat before it was able to do any harm. Additionally, the company is moving all users to the latest version of the software, which is already available on the company’s website (though the release notes only mention “minor big fixes.”) He also says Piriform has shut down the hackers’ access to other servers. Yung assures customers that the threat has been resolved and the “rogue server” has been taken down. ![]() 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process build to plant malware designed to steal users’ data. 21 with details about the malware targeting specific technology companies for industrial espionage. ![]() In an in-depth probe of the popular optimization and scrubbing software, Cisco Talos has discovered a malicious bit of code injected by hackers that could have affected more than 2 million users who downloaded the most recent update.Įditor’s note: This article was first published on September 18, 2017, but was updated on Sept. It seems that CCleaner, one of PCWorld’s recommendations for the best free software for new PCs, might not have been keeping your PC so clean after all. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |