CCleaner Malware Incident - What You Need to Know and How to Remove

Hackers hid malware in CCleaner antivirus software

CCleaner, the hugely popular free software which speeds up computers, has been hacked, and users of the affected versions could become infected with ransomware and other malware, according to a Reuters report.

Researchers from Cisco Talos discovered that the download servers used by Avast were compromised by unknown hackers, who replaced the original software with a malicious one and distributed it to all users for over a month. There have been more than 2 billion downloads of CCleaner worldwide, so the potential impact of the malware is huge.

"This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world", Talos researchers Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams wrote today on the Talos blog.

Regardless of what version you're running, you should make sure your CCleaner is now up to date.

In this case, the software's update servers were compromised to deliver malware to victims and Piriform was hosting the malicious software itself.

"The compromise could cause the transmission of non-sensitive data...to a 3rd party computer server in the U.S.", the company said.

A bug in the malware code prevented the software from using the IP address created by the domain-generation algorithm: the code never accessed the address it created, and this may have simply been an incomplete feature meant to be updated later.

Those who downloaded version 5.33 of CCleaner between August 15 and September 12 may well have the Floxif malware hiding on their machine. Avast Piriform believes that the security threat was contained and tackled before the breach was able to harm any customers.

The virus experts said that affected systems need to be reinstalled or restored to a state before August 15.

Separate analysis by Cisco's Talos security group suggests whoever was behind the attack on CCleaner had managed to get access to the server Piriform used to host new versions of the software.

As Cisco researchers noted: "The presence of a valid digital signature on the malicious CCleaner binary may be indicative of a larger issue that resulted in portions of the development or signing process being compromised".

The postal and telecommunications recommends that you temporarily refrain from using the program "CCleaner". CCleaner Cloud is also automatically updated.

The methods used by the attackers, described in great detail at the Talos blog, were very sophisticated with lots of countermeasures taken in order to avoid detection.

"At this stage, we don't want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it". CCleaner Cloud users should download a recently pushed out update, version 1.07.3214, in order to ensure they are safe.

He apologised for any inconvenience that had been caused and said the company's investigation into the attack was "ongoing".
