With over 20 million downloads per month, and the updates, that is a high number of PCs that have been affected by this. The compromised versions of CCleaner and CCleaner Cloud were distributed for nearly a month. The only suggestion that Piriform has is to update to the most recent version. Paul Yung, the company's VP of products, published a technical assessment of the attack on the company blog as well. We have no indications that any other data has been sent to the server. The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. According to that statement, non-sensitive data may have been transmitted to a server in the United States of America. Piriform issued a statement on September 18th, 2017. The malicious payload creates the Registry key HKLM\SOFTWARE\Piriform\Agomo: and uses it to store various information. You can download the free ClamAV from this website. Another option that the researchers consider is that an insider included the malicious code. CCleaner users who want to make sure that the compromised version is not still on their system may want to scan it on VirusTotal, or scan it with ClamAV, as it is the only antivirus software that detects the threat right now. The researchers think it is likely that "an external attacker compromised a portion" of Piriform's development or build environment, and used the access to insert the malware into the CCleaner build. The Talos researchers concluded that the malicious payload was distributed between the release of version 5.33 on August 15th, 2017 and the release of version 5.34 on September 12th, 2017. The installer contained a "malicious payload that featured a Domain Generation Algorithm" as well as "hardcoded Command and Control" functionality. The downloaded executable was signed with a valid Piriform signature.
Talos Group "identified a specific executable" during tests of the company's new exploit detection tool which came from the CCleaner 5.33 installer which in turn was delivered by legitimate CCleaner download servers. Talos Group informed Avast, the parent company of Piriform, about the situation. Security researchers of Cisco's Talos Group revealed details about the successful supply chain attack. CCleaner Cloud was released on August 24th, 2017, and a non-compromised version of the program on September 15th, 2017. CCleaner was released on August 15th, 2017, and an updated non-compromised version was released on September 12, 2017. The latest release version of CCleaner is version 5.34 at the time of writing. The company asks users to update their version of the program to the latest available release if that has not been done already. According to Piriform, only the 32-bit versions of the applications were compromised and distributed using the company's own infrastructure. The affected versions are CCleaner and CCleaner Cloud. To avoid such PUPs, either use the portable version of CCleaner or try Unchecky. The hackers compromised two versions of CCleaner in the attack which have been used by up to 3% of the company's user base. Another German blogger, who tested the installer during the last hours, has been offered the Google Chrome browser as a PUP. Down in the lower left corner of the installer window is a checkbox offering to install Avast Antivirus. I was greeted by the installer dialog shown above. I then downloaded the Piriform CCleaner V5.37 installer and gave it a try. Now I noticed this Techdows article, pointing out that the CCleaner installer is shipped with PUP offers. But none of my blog readers confirmed this observation. After publishing this article, I received a user comment claiming that AVAST antivirus has been installed with CCleaner.
I don't (like and) use the tool, and I'm warning you to be cautious, especially since the September 2017 incident where the software was shipped with malware (see my blog post Autsch: CCleaner has been infected with malware). But Piriform was purchased by AVAST, an antivirus vendor, last summer. The program CCleaner from Piriform is quite popular for cleaning up Windows.