Post by Babel-17 on Sept 21, 2017 9:36:40 GMT -5
fortune.com/2017/09/18/ccleaner-hack-what-you-should-know/
time.com/4946576/ccleaner-malware-hack/
it.slashdot.org/story/17/09/18/140251/avasts-ccleaner-free-windows-application-infected-with-malware
blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident
blog.avast.com/progress-on-ccleaner-investigation
time.com/4946576/ccleaner-malware-hack/
it.slashdot.org/story/17/09/18/140251/avasts-ccleaner-free-windows-application-infected-with-malware
blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident
Customers are advised to update to the latest version of CCleaner, which will remove the backdoor code from their systems. As of now, CCleaner 5.33 users are receiving a notification advising them to perform the update.
We deeply understand the seriousness of the situation, as we do with all security threats. We regret the inconvenience experienced by Piriform’s customers. To reiterate, we accept responsibility for the breach and have implemented the following actions and precautions:
The server was taken down before any harm was done to customers
We worked immediately with law enforcement to identify the source of the attack
We took multiple steps to update our customers who had the affected software version
We disclosed everything that happened in a blog when we were cleared to do so
We migrated the Piriform build environment to the Avast infrastructure, and are in the process of moving the entire Piriform staff onto Avast internal IT system.
We plan to be issuing more updates on this as we go. We have made it our highest priority to properly investigate this unfortunate incident and to take all possible measures to ensure that it never happens again.
This blog post has been updated here.
We deeply understand the seriousness of the situation, as we do with all security threats. We regret the inconvenience experienced by Piriform’s customers. To reiterate, we accept responsibility for the breach and have implemented the following actions and precautions:
The server was taken down before any harm was done to customers
We worked immediately with law enforcement to identify the source of the attack
We took multiple steps to update our customers who had the affected software version
We disclosed everything that happened in a blog when we were cleared to do so
We migrated the Piriform build environment to the Avast infrastructure, and are in the process of moving the entire Piriform staff onto Avast internal IT system.
We plan to be issuing more updates on this as we go. We have made it our highest priority to properly investigate this unfortunate incident and to take all possible measures to ensure that it never happens again.
This blog post has been updated here.
Large technology and telecommunications companies were targeted
Following the take-down of the CnC server and getting access to its data, the Avast Security Threat Labs team has been working around the clock to investigate the source and other details of the recent Piriform CCleaner attack. To recap, the attack affected a total of 2.27M computers between August 15, 2017 and September 15, 2017 and used the popular PC cleaning software CCleaner version 5.33.6162 as a distribution vehicle. Today, we would like to report on the progress so far.
First of all, analysis of the data from the CnC server has proven that this was an APT (Advanced Persistent Threat) programmed to deliver the 2nd stage payload to select users. Specifically, the server logs indicated 20 machines in a total of 8 organizations to which the 2nd stage payload was sent, but given that the logs were only collected for little over three days, the actual number of computers that received the 2nd stage payload was likely at least in the order of hundreds. This is a change from our previous statement, in which we said that to the best of our knowledge, the 2nd stage payload never delivered.
Following the take-down of the CnC server and getting access to its data, the Avast Security Threat Labs team has been working around the clock to investigate the source and other details of the recent Piriform CCleaner attack. To recap, the attack affected a total of 2.27M computers between August 15, 2017 and September 15, 2017 and used the popular PC cleaning software CCleaner version 5.33.6162 as a distribution vehicle. Today, we would like to report on the progress so far.
First of all, analysis of the data from the CnC server has proven that this was an APT (Advanced Persistent Threat) programmed to deliver the 2nd stage payload to select users. Specifically, the server logs indicated 20 machines in a total of 8 organizations to which the 2nd stage payload was sent, but given that the logs were only collected for little over three days, the actual number of computers that received the 2nd stage payload was likely at least in the order of hundreds. This is a change from our previous statement, in which we said that to the best of our knowledge, the 2nd stage payload never delivered.