However, Piriform said it had taken action to ensure users of the affected versions of CCleaner were safe by removing them from download sites.
The disk cleaning utility CCleaner has been hijacked by cyber attackers that used the popular software as a vehicle for distributing and spreading malware.
The attacker added malware to the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. The company said it has already forced updates of the affected version and in its own words was "able to disarm the threat before it was able to do any harm". In that attack, which crippled thousands of business machines worldwide, wiper malware was distributed via legitimate tax accounting software from a Ukrainian company called M.E.Doc.
The maliciously modified version of the tool was available for download until September 12. However, there are a few factors that limited the number of infections, one of which is that for users of the free version of CCleaner, updates are not automatic.
"In analyzing DNS-based telemetry data related to this attack, Talos identified a significant number of systems making DNS requests attempting to resolve the domains associated with the aforementioned DGA domains".
That means this malicious code had the potential to reach more than 20 million users in the period of time the bad version of CCleaner were available for download.
Also, it appears the malware simply collected information about the computers it was uploaded on; while Floxif can download and execute other forms of malware, Avast, CCleaner's distributor, hasn't found evidence it did so. No malicious software has been found in CCleaner 5.34, which was released on September 13. The first clean version of CCleaner that users should now be using are Version 5.34 and 1.07.3214 respectively. "Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected", the blog post said.
Piriform, the software's developer, has since issued an apology for the exploit affecting so many of its customers.
"At this stage, we don't want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it", Piriform wrote on its blog.
Piriform and Avast continue the investigation in order to find out how this compromise happened, who did it, and the hackers' ultimate goal. Even if you are not sure you downloaded the software or updated it in given time frame, you should update it to the latest version to avoid any issue.
In hurricane zone, man gives up the last generator
Customer Pam Brekke traveled nearly 30 miles to purchase one of those generators , but she was next in line when they ran out. Santiago doesn't speak English fluently, so he didn't know why Brekke needed the generator - only that she did.
Pakistan look to seal Independence Cup against World XI
The World XI opened their chase strongly, with a 47-run opening partnership between Bangladesh's Tamim Iqbal and Amla. But Perera took charge in the last five overs as he cut loose against Pakistan seamers Shoaib Malik and Rumman Raees.
Olive Garden unlimited pasta pass is back
Per tradition with the Pasta Pass sale, the all-y0u-can-eat deals will go to the fastest shoppers starting Thursday at 2:00 p.m. The 22,000 regular passes on sale Thursday, Sept. 14, 2017, let people eat as much pasta as they want for eight weeks for $100.
Trump Mocks Clinton In Another Early-Morning Twitter Tirade
It comes as Mrs Clinton has released her latest book, " What Happened ", which tackles the 2016 USA presidential election . Trump retweeted a slew of other images on Sunday depicting the influence of his "Make America Great Again" agenda.
LA Lakers to retire two Kobe Bryant's jersey numbers
The Lakers are in a rebuild, as they move away from the Bryant era, one of the greatest stretches in franchise history. He tallied 16,777 points, captured two titles, and participated in 10 All-Star when he donned jersey number 24.