Until reading Martin’s article, I wasn’t aware that Avast had acquired Piriform. I just want to point out that BleachBit is opensource, you can inspect its (python) code AND that you can submit issue tickets (or pull requests) to help improve its plugins toward achieving more thorough cleaning. Sad news and, yes, I agree that the circumstances (details, timing) are strange.Īnother comment here already mentioned BleachBit as an alternative a further comment reported that it doesn’t clean a thoroughly as other cleaners. With over 20 million downloads per month, and the updates, that is a high number of PCs that have been affected by this. The compromised versions of CCleaner and CCleaner Cloud were distributed for nearly a month. ![]() The only suggestion that Piriform has is to update to the most recent version. Paul Yung, the company's VP of products, published a technical assessment of the attack on the company blog as well. We have no indications that any other data has been sent to the server. The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. According to that statement, non-sensitive data may have been transmitted to a server in the United States of America. Piriform issued a statement on September 18th, 2017. The malicious payload creates the Registry key HKLM\SOFTWARE\Piriform\Agomo: and used it to store various information. You can download the free ClamAV from this website. Another option that the researchers consider is that an insider included the malicious code.ĬCleaner users who want to make sure that the compromised version is not still on their system may want to scan it on Virustotal, or scan it with ClamAV, as it the only antivirus software that detects the threat right now. The researchers think it is likely that "an external attacker compromised a portion" of Piriform's development or build environment, and used the access to insert the malware into the CCleaner build. The Talos researchers concluded that the malicious payload was distributed between the release of version 5.33 on August 15th, 2017 and the release of version 5.34 on September 12th, 2017. The installer contained a "malicious payload that featured a Domain Generation Algorithm" as well as "hardcoded Command and Control" functionality. The download executable was signed with a valid Piriform signature. Talos Group"identified a specific executable" during tests of the company's new exploit detection tool which came from the CCleaner 5.33 installer which in turn was delivered by legitimate CCleaner download servers. Talos Group informed Avast, the parent company of Piriform, about the situation. Security researchers of Cisco's Talos Group revealed details about the successful supply chain attack. CCleaner Cloud was released on August 24th, 2017, and a non-compromised version of the program on September 15th, 2017.CCleaner was released on August 15th, 2017, and an updated non-compromised version was released on September 12, 2017. ![]() ![]() The latest release version of CCleaner is version 5.34 at the time of writing. The company asks users to update their version of the program to the latest available release if that has not been done already. According to Piriform, only the 32-bit versions of the applications were compromised and distributed using the company's own infrastructure. The affected versions are CCleaner and CCleaner Cloud. The hackers compromised two versions of the CCleaner in the attack which have been used by up to 3% of the company's user base.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |