tiptrot.com July 17, 2018

Malware Hits PC Cleanup Tool CCleaner

19 September 2017, 12:33 | Cedric Leonard

A projection of cyber code on a hooded man

CCleaner, the popular PC tool that anti-virus software maker Avast acquired only in July when it bought Piriform, was compromised in a supply-chain attack in August and September, affecting as many as 2.27 million users.

However, Piriform said it had taken action to ensure users of the affected versions of CCleaner were safe by removing them from download sites.

The disk-cleaning utility CCleaner has been hijacked by cyber attackers who used the popular software as a vehicle for distributing and spreading malware.

The attacker added malware to the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. The company said it has already forced updates of the affected version and, in its own words, was "able to disarm the threat before it was able to do any harm". In a separate attack, which crippled thousands of business machines worldwide, wiper malware was distributed via legitimate tax accounting software from a Ukrainian company called M.E.Doc.

The maliciously modified version of the tool was available for download until September 12. However, there are a few factors that limited the number of infections, one of which is that for users of the free version of CCleaner, updates are not automatic.

"In analyzing DNS-based telemetry data related to this attack, Talos identified a significant number of systems making DNS requests attempting to resolve the domains associated with the aforementioned DGA domains".

That means this malicious code had the potential to reach more than 20 million users in the period of time the bad version of CCleaner was available for download.

Also, it appears the malware simply collected information about the computers it was installed on; while Floxif can download and execute other forms of malware, Avast, CCleaner's distributor, hasn't found evidence it did so. No malicious software has been found in CCleaner 5.34, which was released on September 13. The first clean versions, which users should now be using, are CCleaner 5.34 and CCleaner Cloud 1.07.3214 respectively. "Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected", the blog post said.

Piriform, the software's developer, has since issued an apology for the exploit affecting so many of its customers.

"At this stage, we don't want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it", Piriform wrote on its blog.

Piriform and Avast are continuing the investigation to find out how this compromise happened, who did it, and the hackers' ultimate goal. Even if you are not sure whether you downloaded or updated the software in the given time frame, you should update it to the latest version to avoid any issues.
