tiptrot.com October 23, 2017

Malware Hits PC Cleanup Tool CCleaner

19 September 2017, 12:33 | Cedric Leonard

A projection of cyber code on a hooded man

CCleaner, the popular PC tool that anti-virus software maker Avast acquired only when it bought Piriform in July, was compromised in a supply-chain attack in August and September that affected as many as 2.27 million users.

However, Piriform said it had taken action to ensure users of the affected versions of CCleaner were safe by removing them from download sites.

The disk cleaning utility CCleaner has been hijacked by cyber attackers who used the popular software as a vehicle for distributing and spreading malware.

The attacker added malware to the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. The company said it has already forced updates of the affected versions and, in its own words, was "able to disarm the threat before it was able to do any harm". In a separate supply-chain attack, which crippled thousands of business machines worldwide, wiper malware was distributed via legitimate tax accounting software from a Ukrainian company called M.E.Doc.

The maliciously modified version of the tool was available for download until September 12. However, there are a few factors that limited the number of infections, one of which is that for users of the free version of CCleaner, updates are not automatic.

"In analyzing DNS-based telemetry data related to this attack, Talos identified a significant number of systems making DNS requests attempting to resolve the domains associated with the aforementioned DGA domains".

That means this malicious code had the potential to reach more than 20 million users during the period the bad version of CCleaner was available for download.

Also, it appears the malware simply collected information about the computers it was installed on; while Floxif can download and execute other forms of malware, Avast, CCleaner's distributor, hasn't found evidence it did so. No malicious software has been found in CCleaner 5.34, which was released on September 13. The first clean versions, which users should now be using, are CCleaner 5.34 and CCleaner Cloud 1.07.3214 respectively. "Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected", the blog post said.

Piriform, the software's developer, has since issued an apology for the exploit affecting so many of its customers.

"At this stage, we don't want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it", Piriform wrote on its blog.

Piriform and Avast are continuing their investigation to find out how this compromise happened, who did it, and the hackers' ultimate goal. Even if you are not sure whether you downloaded or updated the software in the given time frame, you should update it to the latest version to avoid any issue.
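
A fleet-inventory triage for the builds named above, as an added example that is not from the article, Piriform or Avast. The CSV layout, host names and verdict labels are assumptions, and the sample inventory is constructed.

```python
import csv
import io

# Builds named in the article: the trojanized build and the first clean version.
AFFECTED = {"ccleaner": (5, 33, 6162), "ccleaner cloud": (1, 7, 3191)}
FIRST_CLEAN = {"ccleaner": (5, 34), "ccleaner cloud": (1, 7, 3214)}

# Constructed sample inventory (column layout and host names are assumptions).
SAMPLE_INVENTORY = """host,product,version,arch
ws-001,CCleaner,5.33.6162,x86
ws-002,CCleaner,5.33.6162,x64
ws-003,CCleaner Cloud,1.07.3191,x86
ws-004,CCleaner,5.34,x86
ws-005,CCleaner,5.32,x86
ws-006,CCleaner,5.33.6162,
ws-007,7-Zip,16.04,x64
ws-008,CCleaner,unknown,x86
"""

def parse_version(text):
    """'1.07.3191' -> (1, 7, 3191); leading zeros drop out so tuples compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def classify(product, version, arch):
    key = product.strip().lower()
    if key not in AFFECTED:
        return "not-applicable"
    try:
        ver = parse_version(version)
    except ValueError:
        return "review"  # unparseable version string: needs a manual check
    if ver == AFFECTED[key]:
        # The article names only the 32-bit builds; an unknown architecture is
        # treated as 32-bit so that it is not silently cleared.
        is_64 = arch.strip().lower() in ("x64", "amd64", "64-bit")
        return "update" if is_64 else "compromised"
    return "update" if ver < FIRST_CLEAN[key] else "clean"

def triage(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"], r["arch"] or "") for r in rows}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Hosts marked `compromised` ran one of the modified builds and warrant investigation beyond a simple upgrade; `update` marks installs older than the first clean release.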
