CCleaner disaster: It was a targeted espionage attempt against major tech firms

Petteri Pyyny
22 Sep 2017 3:15

At the beginning of this week, it was reported that the official installer of CCleaner, an award-winning and hugely popular computer cleaning utility, had been shipping bundled malware for almost a month.
Shortly after, it was revealed that the incident wasn't caused by mismanagement at Piriform, the company behind the software, but by a "sophisticated" hack that had gained access to Piriform's development environment.
Now, Wired has more details of the incident. According to Talos, the security company that originally found the malware, the malware didn't care much about Joe Average's computer. Instead, it filtered the infected computers and tried to find out whether it had gained a foothold inside specific tech firms' networks. Those networks belong to at least 18 large tech companies, including Intel, Samsung, Microsoft and Cisco (Talos, who found the malware, is a subsidiary of Cisco).
In about half of those cases, a Talos manager says, the hackers successfully found a machine they'd compromised within the company's network. The hackers then used the backdoor to install another piece of malware on such systems, intended to gain more access within the network.
According to Cisco, they've managed to obtain a copy of a database listing the computers that had "phoned home" with the initial malware. That list included about 700,000 PCs. But they also found a separate database containing the details of computers that had installed a second malware payload after the initial contact.
Avast, which owns Piriform, confirmed this, stating that some of the 18 companies the malware specifically targeted had been partially breached and that the number of computers infected with the second malware (delivered by the original one that came with CCleaner) is "in hundreds".
Cisco calls the entire disaster a sophisticated espionage attempt, aiming to steal valuable information from tech giants across the globe.
For employees within those 18 companies who installed CCleaner in August or September, simply removing the infected CCleaner isn't enough, as the second malware might still be lurking within their systems. And as that malware is tailor-made, it might be able to evade traditional anti-virus scans. Thus, Cisco recommends wiping the entire PC and restoring it from a pre-August backup.
For everybody else, it is enough to remove CCleaner v5.33 and replace it with the latest, clean version.
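One way to turn the two remediation tiers above into a fleet triage check, as an added example that is not from the article or from Cisco, Talos or Avast. The inventory records are constructed, and the date window (August-September 2017), the "targeted organisation" flag and the rule that a host listed in the second-stage database is always rebuilt are assumptions made for the example:

```python
from datetime import date
from typing import List, NamedTuple, Optional, Dict

# The build the article identifies as the trojanised one.
TROJANISED_VERSION = "5.33"
# Install window the article ties to the "wipe and restore" advice (assumed dates).
WINDOW_START = date(2017, 8, 1)
WINDOW_END = date(2017, 9, 30)


class Host(NamedTuple):
    hostname: str
    ccleaner_version: str           # "" if CCleaner is not installed
    installed_on: Optional[date]    # None if not installed
    stage2_seen: bool               # host appears in the second-stage database


def triage(host: Host, targeted_org: bool) -> str:
    """Return the remediation tier the article describes for one host.

    'none'    : not running the trojanised build
    'replace' : remove v5.33 and install a clean build (everyone else)
    'rebuild' : wipe and restore from a pre-August backup (targeted orgs with
                an August/September install, or any host seen taking stage two)
    """
    if host.ccleaner_version != TROJANISED_VERSION:
        return "none"
    in_window = (host.installed_on is not None
                 and WINDOW_START <= host.installed_on <= WINDOW_END)
    if host.stage2_seen or (targeted_org and in_window):
        return "rebuild"
    return "replace"


def triage_fleet(hosts: List[Host], targeted_org: bool) -> Dict[str, str]:
    """Map every hostname in the inventory to its remediation tier."""
    return {h.hostname: triage(h, targeted_org) for h in hosts}


# Constructed sample inventory; not real hosts or real data.
SAMPLE_HOSTS = [
    Host("ws-01", "5.33", date(2017, 8, 20), False),  # trojanised, in window
    Host("ws-02", "5.34", date(2017, 9, 18), False),  # clean build
    Host("ws-03", "5.33", date(2017, 7, 10), False),  # trojanised, before window
    Host("ws-04", "5.33", date(2017, 9, 2), True),    # took the second stage
    Host("ws-05", "", None, False),                   # CCleaner not installed
]

if __name__ == "__main__":
    for name, action in triage_fleet(SAMPLE_HOSTS, targeted_org=False).items():
        print(f"{name}: {action}")
```

Run with `targeted_org=True` for a fleet belonging to one of the 18 named companies; the same v5.33 host then moves from "replace" to "rebuild" when its install date falls in the window.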
You can download the latest, clean CCleaner from here:
Download latest CCleaner (from AfterDawn's servers)
