Since the only change I've made to my machine was the installation of CCleaner, it appears Avast AV installation file may have piggybacked on the CCleaner 3.34 (32-bit) download as the date and time of the installation are nearly identical. When I initiated a reboot – unrelated to the new CCleaner update since it's not required – Avast anti-virus software was automatically (and mysteriously) installed after the reboot. Last Tuesday (Sept 12), I downloaded the most recent version of the 32-bit CCleaner (v5.34) on a Windows 7 (32-bit) machine. Interesting news about CCleaner, which makes me wonder after an incident that occurred recently. Further details may be found in the report from Cisco Talos and at Bleeping Computer. AVAST intends to add a new signature to its antivirus scanners and will inform affected users. AVAST says that 3 % of all CCleaner installs are affected, but that is 2.27 million affected machines. Newer versions of CCleaner are free of malware. The malware has been found in CCleaner version and CCleaner Cloud Version. According to the blog post, only the 32-bit Windows version has been affected. Piriform has confirmed this incident today in a blog post. The installer was signed with a valid certificate. Talos assumes that the server through which the CCleaner installer was distributed was compromised. This happened from Augwith CCleaner 5.33 and from Augwith CCleaner Cloud 1.07. The malware then retrieved additional code from the malware server and transmitted data such as the IP address, computer name, installed software and existing network adapters to a server in the USA. This was published in a new report from Cisco Talos. and Septemhas been delivered with an infected Floxif malware installer. Some versions of CCleaner app, downloaded between August 15. Some time ago, CCleaner was taken over by the Czech security company AVAST. This free system cleaner for Windows is often used by many users. 
This story has been updated to include additional comment from Avast. My credo is: keep your fingers off system cleaners – but many users swear by CCleaner from Piriform. "In many organisations data received from commonly software vendors rarely receives the same level of scrutiny as that which is applied to what is perceived as untrusted sources." "By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates," the Talos team wrote. Worryingly, it appears to be part of a growing trend. Accounting firm MeDoc unknowingly disseminated the malware through an automatic software update. When the Petya/NotPetya malware infected computers across Ukraine and the world in July, it was spread by an infected piece of software. While the spread of malware is common, the compromise of CCleaner is the second prominent incident this year where malicious code has been distributed by a legitimate-looking software update. "We disclosed everything that happened in a blog when we were cleared to do so," Steckler wrote. He added the CCleaner server was taken down before "harm was done to customers" and that the firm had worked with law enforcement officials to try and identify the source of the attack. Steckler said Avast had solved the problem "within approximately 72 hours of discovery". In a follow-up blog post Avast CEO Vince Steckler said people were interested in the CCleaner problems due to the publicity of the Equifax data breach. It also said it "disarmed the threat before it was able to do any harm". Overall the company believes that 2.27 million users had installed the affected version of the software on 32-bit Windows machines. 
"At this stage, we don’t want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it," Piriform wrote on its blog.