Hackers use CCleaner as malware host, affects 2.27 million users

Hackers use CCleaner as malware host, affects 2.27 million users

Hackers use CCleaner as malware host, affects 2.27 million users

Researchers from Cisco Talos discovered that the download servers used by Avast were compromised by some unknown hackers who replaced the original software with malicious one and distributed it to all users for over a month.

The company said it first noticed the issue on September 12 and released safe versions of both programs within three days, but the modified version of the software had been available for a month. CCleaner is free software that can improve the performance of a computer. Piriform says that it's resolved the threat by making sure the rogue server is down and others are out of the hacker's purview. The hackers also used what's known as a domain generation algorithm (DGA), which is capable of creating new domains to send and receive stolen data after the original server went down.

Avast's CTO Ondrej Vlcek declined to speculate on the hackers' intentions for the data being harvest by the malware - saying he could not comment on account of an law enforcement investigation now underway. In view of these two factors, they said it was likely that an external attacker had compromised a part of the CCleaner development or build environment and inserted malware into the CCleaner build.

Gas prices in Lancaster County recede 4.1 cents per gallon
Alaska, California, Hawaii, Montana and Utah saw average prices rise slightly, but should see relief in the weeks ahead. The state average was 3 cents less than a week ago, yet remained 52 cents more than this time past year .

However, that still means downloads of CCleaner in the four weeks since its release on 15 August and downloads of CCleaner Cloud in the three weeks since its release on 24 August were compromised.

"We have no indications that any other data has been sent to the server", the company said, adding that working with USA law enforcement, the affected server was shut down on the 15 September "before any known harm" was done.

In the meantime, they have already made download sites remove CCleaner v5.33.6162, they pushed out a notification to update CCleaner users from v5.33.6162 to v5.34, and automatically updated CCleaner Cloud users from v1.07.3191 to 1.07.3214. It noted that Piriform claims CCleaner was downloaded more than 2 billion times as of November 2016, with 5 million new users a week. Piriform said it's working with USA law enforcement to determine who was responsible for the bug.

Ashmore Group plc 10% Potential Upside Indicated by Macquarie
Barclays PLC restated an "overweight" rating on shares of Astrazeneca PLC in a research report on Monday, July 3rd. The stock of TT Electronics plc (LON:TTG) has "Buy" rating given on Wednesday, April 12 by Liberum Capital.

In a blog post, Talos said it had notified Avast, the owners of CCleaner, about the issue on 13 September. Piriform did not immediately respond to a request for comment on the attack's distribution and where most affected systems were located.

"At this stage, we don't want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it", Piriform wrote on its blog.

"Again, we would like to apologize for any inconvenience this incident could have caused to our clients; we are taking detailed steps internally so that this does not happen again, and to ensure your security while using any of our Piriform products". The team found that the legitimate version of the software contained malware that would operate in the background of a user's computer.

Minutes: Bannon Declares War On Trump's GOP Critics
Bannon said institutions such as the Senate and House of Representatives can be changed "if the leadership is changed". Bannon said he believes the Republican establishment is now working on a plan to fix Obamacare, not replace it.

Related news