AfterDawn: Tech news

CCleaner disaster: It was a targeted espionage attempt against major tech firms

Written by Petteri Pyyny @ 22 Sep 2017 3:15

At the beginning of this week, it was reported that the official installer of CCleaner, the award-winning, hugely popular computer cleaning software, had been bundled with malware for almost a month.
Shortly after, it was revealed that the incident wasn't caused by mismanagement at Piriform, the company behind the software, but by a "sophisticated" hack that had managed to gain access to Piriform's development environment.

Now, Wired has more details of the incident. According to Talos, the security company that originally found the malware, the malware didn't care much about Joe Average's computer. Instead, it filtered the infected computers and tried to find out whether it had gained access to specific tech firms' networks. Those networks belong to at least 18 large tech companies, including Intel, Samsung, Microsoft and Cisco (Talos, which found the malware, is a subsidiary of Cisco).



In about half of those cases, a Talos manager says, the hackers successfully found a machine they'd compromised within the company's network. The hackers then used the backdoor to install another piece of malware on such systems, intended to gain more access within the network.

According to Cisco, it has obtained a copy of a database listing the computers that had "phoned home" with the initial malware. That list included about 700,000 PCs. But Cisco also found a separate database that contained the details of computers that had installed another payload of malware after the initial contact.

Avast, which owns Piriform, confirmed this and stated that companies among the 18 the malware specifically targeted have been partially breached, and says that the number of computers infected with the second malware (delivered by the original one that came with CCleaner) is "in hundreds".

Cisco calls the entire disaster a sophisticated espionage attempt, aiming to steal valuable information from tech giants across the globe.

For employees within those 18 companies who installed CCleaner in August or September, simply removing the infected CCleaner isn't enough, as the second malware might still be lurking within their systems. And as that malware is tailor-made, it might be able to avoid traditional anti-virus scans. Thus, Cisco recommends wiping the entire PC and restoring it from a pre-August backup.

For everybody else, it is enough to remove CCleaner v5.33 and replace it with the latest, clean version.

You can download the latest, clean CCleaner from here:

Download latest CCleaner (from AfterDawn's servers)

5 user comments

1. 22.9.2017 06:30

Quote:
...wasn't caused by mismanagement at the Piriform, company behind the software, but a "sophisticated" hack that had managed to gain access to Piriform's development environment
To me, there's not much distinction between these two situations. Ultimately, the company that owns the infrastructure that's breached is responsible, and I don't see how a company that has good controls could allow their development environment (or indeed any environment) to be compromised.

2. 22.9.2017 09:14

I thought this article was an ad for the product, then realized...

What can they mean, "targeted"?

It was delivered almost as a broadcast. Maybe it wasn't interested in the majority of its victims, but it certainly wasn't targeted. The secondary delivery was targeted.

Let's see if "purposeful" or "selectively active" might be better?

3. 22.9.2017 17:30

I've wiped my PCs clean down to the hardware, restored from a late July backup, and uninstalled everything from Avast and Piriform from my computers -- I will never use them again, they have lost a paying customer for life. I don't care who the hacker was or what they were after, they got through. Avast is a company supposedly DESIGNED to prevent this. I doubt Avast will ever recover completely from this in the public's eye, nor do they deserve to.

I'm with Webroot and Bitdefender now, so we'll see.

4. 23.9.2017 02:43

Originally posted by ChikaraNZ:
Quote:
...wasn't caused by mismanagement at the Piriform, company behind the software, but a "sophisticated" hack that had managed to gain access to Piriform's development environment
To me, there's not much distinction between these two situations. Ultimately, the company that owns the infrastructure that's breached is responsible, and I don't see how a company that has good controls could allow their development environment (or indeed any environment) to be compromised.
Agree 100%!
To have their development environment hacked, that's pretty fucking deep into critical systems and infrastructure...how could they not notice that their installer had gained some weight somehow? Are they that lax that the extra few 100kb, or whatever, went unnoticed?
Pretty poor internal auditing...

5. 25.9.2017 18:03

Thanks to all for the "YOU DON'T WANT IT!"...I currently have Malwarebytes and was impressed by using Avast to get rid of some nasties on a friend's system. I was seriously considering moving to Avast, and I am embarrassed to say because it was effective, and because of the beautiful user interface and myriad of other helper apps included. I am staying with Malwarebytes--not as pretty, but at least it does no harm!
