Hackers hid malware in CCleaner antivirus software
19 September, 2017, 00:33 | Author: Elaine Woods
"By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates", said Cisco Talos researchers, who discovered the threat, in a blog post.
CCleaner cleans up junk programs and advertising cookies to speed up devices - but users who downloaded it in August got something extra.
Attackers could use infected machines "for any number of malicious purposes" as there are capabilities in the malware to download and run second-stage payloads, possibly to steal personal and financial information.
The spread of the malware is likely to have been restricted by Cisco's early intervention and Piriform/Avast's quick action in forcing the shut-down of the C&C server in question and releasing an updated version of the affected tool: CCleaner 5.34.
"We resolved this quickly and believe no harm was done to any of our users".
The malware gathers information such as your IP address, computer name, a list of installed software on your computer, a list of active software and a list of network adapters, and sends it to a third-party computer server.
Piriform said in a news release that it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed.
Now it is not surprising to see carefully selected language and phrases used throughout an announcement like this because the company has a legal position to maintain.
All you wanted was a faster computer.
Yung declined to speculate on how the code appeared in CCleaner or where the attack originated from.
He apologised for any inconvenience that had been caused and said the company's investigation into the attack was "ongoing". "We want to thank the Avast Threat Labs for their help and assistance with this analysis". Previous research has shown that the overwhelming majority of security bugs would be rendered useless if people would use Standard/Limited accounts instead of Administrator accounts by default.
It's uncertain how the malware was slipped into CCleaner, a utility program that Piriform said has been downloaded some 2 billion times since it was first released in 2003. In total more than two million users downloaded the two affected versions. In cases where the samples found by Talos did successfully communicate with the C&C server, they would generate a system profile of the computer they had infected and post it back to the server.
Trusted software with compromised code and signed by a valid certificate is scary stuff.
Cisco Talos says the malicious version of CCleaner was released on August 15; it notified Piriform, CCleaner's UK-based developer, which was acquired by Avast in July, on September 13, and the server was shut down.
The affected versions of the software are CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191.