Hackers hid malware in CCleaner antivirus software

19 September, 2017, 00:33 | Author: Elaine Woods
  • CCleaner v5.33

"By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates", said Cisco Talos researchers, who discovered the threat, in a blog post.

A mere two months ago, Czech antivirus company Avast acquired Recuva, Speccy, and CCleaner developer Piriform for an undisclosed amount of money.

CCleaner cleans up junk programs and advertising cookies to speed up devices - but users who downloaded in August got something extra.

Attackers could use infected machines "for any number of malicious purposes" as there are capabilities in the malware to download and run second-stage payloads; possibly to steal personal and financial information.

The spread of the malware is likely to have been restricted by Cisco's early intervention and Piriform/Avast's quick action in forcing the shut-down of the C&C server in question and releasing an updated version of the affected tool: CCleaner 5.34.

"We resolved this quickly and believe no harm was done to any of our users".

The malware gathers information such as the machine's IP address, computer name, a list of installed software, a list of running software and a list of network adapters, and sends it to a third-party server.

Piriform said in a news release that it had worked with US law enforcement to shut down a server located in the United States to which traffic was set to be directed.


Now it is not surprising to see carefully selected language and phrases used throughout an announcement like this because the company has a legal position to maintain.

All you wanted was a faster computer.

Yung declined to speculate on how the code appeared in CCleaner or where the attack originated from.

He apologised for any inconvenience that had been caused and said the company's investigation into the attack was "ongoing". "We want to thank the Avast Threat Labs for their help and assistance with this analysis". Previous research has shown that the overwhelming majority of security bugs would be rendered useless if people used Standard/Limited accounts instead of Administrator accounts by default.

It's uncertain how the malware was slipped into CCleaner, a utility program that Piriform said has been downloaded some 2 billion times since it was first released in 2003. In total, more than two million users downloaded the two affected versions. In cases where the samples found by Talos did successfully communicate with the C&C server, they would generate a system profile of the infected computer and post it back to the server.

Trusted software with compromised code and signed by a valid certificate is scary stuff.

Cisco Talos says the malicious version of CCleaner was released on August 15; it notified Piriform, CCleaner's UK-based developer, which was acquired by Avast in July, on September 13, and the server was shut down.

The affected versions of the software are CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191.
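Because the trojanised build was signed with a valid certificate, a signature check will not flag it; the practical first triage step is to find which hosts still run the two version numbers named above. The following script is an added example, not code from the article or from Piriform/Avast: it parses version strings numerically (a plain string comparison would rank a hypothetical "5.4.0" above "5.33.6162") and sorts a software inventory into affected, fixed and untracked entries. The hostnames and the non-affected version strings in the sample inventory are constructed; the 5.34 fixed release is the one named in the article, and no fixed CCleaner Cloud version is given there, so newer Cloud builds are only reported as unverified.

```python
from __future__ import annotations

# Builds the article names as affected (CCleaner 5.33.6162, CCleaner Cloud 1.07.3191).
AFFECTED = {
    "CCleaner": (5, 33, 6162),
    "CCleaner Cloud": (1, 7, 3191),
}
# The article names 5.34 as the fixed CCleaner release; it gives no fixed
# CCleaner Cloud version, so Cloud builds newer than 1.07.3191 are only
# reported as "newer-unverified" (assumption: treat them as not yet confirmed).
FIXED_MIN = {"CCleaner": (5, 34)}


def parse_version(text: str) -> tuple[int, ...]:
    """Convert 'v5.33.6162' or '1.07.3191' into an int tuple.

    Numeric tuples compare correctly; plain string comparison would rank
    '5.4.0' above '5.33.6162' and silently mis-triage a host.
    """
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def classify(product: str, version: str) -> str:
    """Return a triage verdict for one inventory row."""
    if product not in AFFECTED:
        return "not-tracked"
    v = parse_version(version)
    bad = AFFECTED[product]
    if v == bad:
        return "affected"
    if product in FIXED_MIN and v >= FIXED_MIN[product]:
        return "fixed"
    if v > bad:
        return "newer-unverified"
    return "not-listed"


def audit(rows):
    """rows: iterable of (host, product, version). Returns (host, product, version, verdict) tuples."""
    return [(host, product, version, classify(product, version))
            for host, product, version in rows]


def affected_hosts(rows) -> list[str]:
    """Hosts that still run an affected build, sorted for a ticket or report."""
    return sorted({host for host, _, _, verdict in audit(rows) if verdict == "affected"})


# Constructed sample inventory: hostnames and every version other than the
# affected builds and the 5.34 fix are made up for illustration.
SAMPLE_ROWS = [
    ("ws-01", "CCleaner", "v5.33.6162"),
    ("ws-02", "CCleaner", "5.34.0"),
    ("ws-03", "CCleaner Cloud", "1.07.3191"),
    ("ws-04", "CCleaner", "5.4.0"),
    ("ws-05", "SomeOtherTool", "7.5"),
    ("ws-06", "CCleaner Cloud", "1.08.0"),
]

if __name__ == "__main__":
    for host, product, version, verdict in audit(SAMPLE_ROWS):
        print(f"{host:6} {product:15} {version:12} {verdict}")
    print("hosts needing upgrade:", ", ".join(affected_hosts(SAMPLE_ROWS)))
```

In practice the rows would come from an endpoint-management export rather than the inline list; the verdict names are arbitrary and only need to be stable enough to drive a report. A host reported as "affected" should be treated as having sent the system profile described in the article, since the binary ran with the user's privileges the moment it was installed.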
