CCleaner disaster: It was a targeted espionage attempt against major tech firms

CCleaner disaster: It was a targeted espionage attempt against major tech firms
At the beginning of this week, it was reported that award-winning, hugely popular computer cleaning software CCleaner had been bundled with malware for almost a month with its official installer.

Shortly after, it was revealed that the incident wasn't caused by mismanagement at the Piriform, company behind the software, but a "sophisticated" hack that had managed to gain access to Piriform's development environment.



Now, Wired has more details of the incident. According to Telos, a security company who found the malware originally, the malware didn't care much about Joe Average's computer, but instead, filtered the infected computers and tried to find out whether it had gained access to specific tech firms' networks. Those networks include at least 18 large tech companies, including Intel, Samsung, Microsoft and Cisco (Telos, who found the malware, is a subsidiary of Cisco).

In about half of those cases, Telos manager says, the hackers successfully found a machine they'd compromised within the company's network. Hackers then used the backdoor to install another piece of malware to such systems, intended to gain more access within the network.

According to Cisco, they've managed to get a copy of a database including the computers who had "phoned home" with the initial malware. That list included about 700'000 PCs. But they also found a separate database that contained the details of computers who had installed another payload of malware after the initial contact.

Avast, who owns Pirisoft, confirmed this and stated that of those 18 companies the malware specifically targeted, have been partially breached and says that computers infected with the second malware (initiated by the original one that came with CCleaner) is "in hundreds".

Cisco calls the entire disaster a sophisticated espionage attempt, aiming to steal valuable information from tech giants across the globe.

For employees within those 18 companies who had installed the CCleaner in August or September, simply removing the infected CCleaner isn't enough as the second malware might still be lurking within their systems. And as the malware is a tailor-made, it might be able to avoid traditional anti-virus scans. Thus, Cisco recommends to wipe out the entire PC and install it again from a pre-August backup.



For everybody else, it is enough to remove the CCleaner v5.33 and replace it with the latest, clean one.

You can download the latest, clean CCleaner from here:

Download latest CCleaner (from AfterDawn's servers)

Written by: Petteri Pyyny @ 22 Sep 2017 3:15
Tags
malware Avast spyware security Cisco Spying security exploit CCleaner
Advertisement - News comments available below the ad
  • 5 comments
  • ChikaraNZ

    Quote: ...wasn't caused by mismanagement at the Piriform, company behind the software, but a "sophisticated" hack that had managed to gain access to Piriform's development environment To me, there's not much distinction between these two situations. Ultimately, the company that owns the infrastructure that's breached is responsible, and I don't see how a company that has good controls could allow their development environment (or indeed any environment) to be compromised.

    22.9.2017 06:30 #1

  • msmithfl

    I thought this article was an ad for the product, then realized...

    What can they mean, "targeted"?

    It was delivered almost as a broadcast. Maybe it wasn't interested in the majority of its victims, but it certainly wasn't targeted. The secondary delivery was targeted.

    Let's see if "purposeful" or "selectively active" might be better?

    Mike

    22.9.2017 09:14 #2

  • POEE

    I've wiped my PCs clean down to the hardware, restored from a late July backup, and uninstalled everything from Avast and Piriform from my computers -- I will never use them again, they have lost a paying customer for life. I don't care who the hacker was or what they were after, they got through. Avast is a company supposedly DESIGNED to prevent this. I doubt Avast will ever recover completely from this in the public's eye, nor do they deserve to.

    I'm with Webroot and Bitdefender now, so we'll see.

    22.9.2017 17:30 #3

  • ChappyTTV

    Originally posted by ChikaraNZ: Quote: ...wasn't caused by mismanagement at the Piriform, company behind the software, but a "sophisticated" hack that had managed to gain access to Piriform's development environment To me, there's not much distinction between these two situations. Ultimately, the company that owns the infrastructure that's breached is responsible, and I don't see how a company that has good controls could allow their development environment (or indeed any environment) to be compromised. Agree 100%!
    To have their development environment hacked, that's pretty fucking deep into critical systems and infrastructure...how could they not notice that their installer had gained some weight somehow? Are they that lax that the extra few 100kb, or whatever, went unnoticed?
    Pretty poor internal auditing...

    23.9.2017 02:43 #4

  • ptb4649

    Thanks to all for the "YOU DON'T WANT IT!"...I currently have Malwarebytes and was impressed by using Avast to get rid of some nasties on a friends' system. I was seriously considering moving to Avast, and I am embarrassed to say because it was effective, and because of the beautiful user interface and myriad of other helper apps included. I am staying with Malwarebytes--not as pretty, but at least it does no harm!

    25.9.2017 18:03 #5

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud