Hello All! One of the tech industry's favorite tools, CCleaner by Piriform, has had malicious code detected in two different versions of its software. Piriform, which is owned by Avast, is used by over 400 million customers. CCleaner is a very helpful program that rids computers, PC & Mac, of temporary files and registry issues.
The malware that allows hackers to take control of CCleaner affects more than 2 million users. The two versions of the program that are affected were illegally modified before they were released to the public, per Piriform.
Paul Yung, VP of Piriform, has stated, “to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.” He also stated that the threat has been neutralized because the rogue servers are no longer in play or under control of the hackers.
However, more drastic recommendations have been made if you had the bad versions of CCleaner installed. Wiping your machine is the suggestion by many in the industry, including myself. The problem is, even after updating CCleaner to the safe version, the malware remains present. Furthermore, it has been suggested to take it a step further: after performing a format and reinstall, you should not restore files any later than the date of August 15th, 2017.
“For most threats, there are security practices users can take in order to lower the chances of getting infected,” said Itsik Mantin, director of security research at Imperva. “In this case, there was really nothing the victims could do,” he told the E-Commerce Times. “The software was properly signed, so they had every reason to trust it. The malicious aspect of the software allowed for remote administration of a machine that had the compromised version of CCleaner installed,” he told the E-Commerce Times. “An attacker would have full access to the system, including anything a user did while logged on, such as inputting credit card information to a shopping site,” Wenzler explained, “or user names and passwords when logging in anywhere.”
“The threat was mitigated quickly by the software vendor before they believe any harm was done,” noted David Pickett, a security analyst with AppRiver. “The data exfiltrated to command servers was computer names, IP addresses, list of installed and active software, and a list of network adapters,” he told the E-Commerce Times. “They don’t believe any sensitive user information was obtained — such as credit card numbers, social security numbers or the like,” Pickett added.
The threat was real but limited, according to Chris Roberts, chief security architect at Acalvio. “It was a ‘first step’ type of thing, where the actual launching of an attack to harvest data wasn’t finalized,” he told the E-Commerce Times.
I always like to touch base on what we are seeing in the trenches as technicians every day. If you had the infected version, CCleaner v5.33.6162, it is a good idea to have us come out and pick up your machine for a format and reinstall.
The Nerds are here to save you. If you need computer repair or IT support in Austin or in San Antonio, call 877-250-8575, or you can book online by going to NerdsinaFlash.com and clicking the “Book Now” button in the upper right-hand corner.
Article referenced by TechNewsWorld.