How Bad was the CCleaner Hack… it's Equifax Bad

What is CCleaner?

CCleaner is a free program that millions of people use to remove junk files from Windows computers, with the goal of speeding them up and removing adware and the tracking cookies that monitor your behavior for commercial gain.

How Bad was the CCleaner Hack?

So bad that most security experts recommend that you completely remove and reinstall Windows if you had the afflicted CCleaner version installed.

The 32-bit installer of CCleaner v5.33 was maliciously modified to install a backdoor which not only sent information gathered on the affected computers to the attackers, but also allowed additional malware payloads to be received.

Upon further examination by security experts it was revealed that over 20 high-profile domains were tagged within the malware for second-stage payloads ( being one). The mention of these major domain names within the malware code indicates a much larger target at hand, along with more sophisticated players.

How can I tell if I have the CCleaner virus?

First off, the backdoor installed by the malicious CCleaner build writes its own registry entries, so the concern is that simply removing CCleaner will not close the hole.

To tell whether you had an infected version of CCleaner, open REGEDIT and look for a key located at HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo. Within the key will be two values, one named MUID and the other TCID; if you have them, then you were infected by the Floxif infection.

If this registry key is still there, then the Floxif infection was, and still may be, sending information to the hackers. This opening can not only send password information and company data, but may also have the ability to download and install other programs.

What should I do if I had the malicious CCleaner version installed?

Removing the registry entry, uninstalling CCleaner, running AV scans and changing your passwords are all highly recommended, but for those who want to be truly safe, the best course of action is to reinstall Windows from scratch. As it goes without saying that this is not always feasible, the above suggested actions should be completed as soon as possible.

Software and supply chain security are critical parts of an enterprise's information security program. One common security recommendation is to know what software or systems your enterprise is using so that you know what needs to be secured. Some software may be managed by the enterprise, some may be used by the help desk to fix systems, and some may be used by employees without the knowledge or approval of the enterprise IT department. Sometimes, the help desk will use tools to investigate an endpoint that may have been infected with malware, and one of those tools is CCleaner. CCleaner software is usually only installed on a few endpoints in an enterprise, but the organization could lose track of the software.

Given that CCleaner is used so widely, it's a target for a watering hole attack. A recent watering hole attack was disclosed in detail by Avast Software, Morphisec and Cisco, and it described how an attacker was able to gain access to Piriform Software Ltd.'s software development environment to add malware to the legitimate CCleaner software (Avast acquired Piriform in July 2017). Morphisec notified Avast of suspicious connections from CCleaner, prompting an investigation. Any time an enterprise is notified of an attack that it didn't internally detect, it is a bit concerning, but not surprising. Of the nearly 2.27 million systems that installed the impacted CCleaner, only 40 went on to receive the second-stage payload, and most of the systems that installed the impacted CCleaner got an auto-update from Avast that removed the malicious version, showing one perk of auto-updates.
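As an added example (not part of the original post), the following PowerShell script performs the registry check described in "How can I tell if I have the CCleaner virus?" and the first of the clean-up steps from "What should I do": it looks for the Piriform\Agomo key and reports its MUID and TCID values, prints the installed CCleaner build so you can see whether it is the affected 5.33 release, locates the CCleaner uninstaller, and can delete the Agomo key. The install path is an assumed default, and the post names only HKLM\SOFTWARE\Piriform\Agomo; the script additionally checks the WOW6432Node path because a 32-bit process writing under HKLM\SOFTWARE on 64-bit Windows is redirected there. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not code from the original post. Checks a Windows host for the
# registry artifacts left by the backdoored 32-bit CCleaner 5.33 build, shows the
# installed CCleaner build, finds the uninstaller and can remove the artifacts.

$AgomoKeys = @(
    'HKLM:\SOFTWARE\Piriform\Agomo',
    # A 32-bit process writing HKLM\SOFTWARE on 64-bit Windows is redirected
    # to WOW6432Node, so that location is checked as well (my addition).
    'HKLM:\SOFTWARE\WOW6432Node\Piriform\Agomo'
)
$CCleanerExe = 'C:\Program Files\CCleaner\CCleaner.exe'   # assumed default path

function Get-AgomoArtifacts {
    # Returns one object per Agomo key present, with its MUID and TCID values.
    foreach ($key in $AgomoKeys) {
        if (Test-Path -Path $key) {
            $props = Get-ItemProperty -Path $key
            [pscustomobject]@{
                Key  = $key
                MUID = $props.MUID
                TCID = $props.TCID
            }
        }
    }
}

function Get-CCleanerVersion {
    # Product version from the executable's version resource, if installed.
    if (Test-Path -Path $CCleanerExe) {
        (Get-Item -Path $CCleanerExe).VersionInfo.ProductVersion
    }
}

function Remove-AgomoArtifacts {
    # Deletes the Agomo key(s). This is only one of the recommended steps;
    # uninstall CCleaner, run a full AV scan and change passwords as well.
    foreach ($key in $AgomoKeys) {
        if (Test-Path -Path $key) {
            Remove-Item -Path $key -Recurse -Force
            Write-Host "Removed $key"
        }
    }
}

$artifacts = @(Get-AgomoArtifacts)
$version   = Get-CCleanerVersion

if ($version) { Write-Host "Installed CCleaner build: $version" }
if ($version -and $version.StartsWith('5.33')) {
    Write-Warning 'CCleaner 5.33 is the build that shipped the backdoor; update or uninstall it.'
}

if ($artifacts.Count -eq 0) {
    Write-Host 'No Piriform\Agomo key found: no sign of the backdoored build on this host.'
} else {
    Write-Warning 'Piriform\Agomo key present (MUID/TCID below): treat this host as compromised.'
    $artifacts | Format-List
    # Uncomment to delete the key once you have recorded the values above.
    # Remove-AgomoArtifacts
}

# Locate the uninstaller so CCleaner can be removed from the same prompt.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'CCleaner*' } |
    Select-Object DisplayName, DisplayVersion, UninstallString
```

Record the MUID and TCID values before deleting the key: they are the only host-specific evidence of the infection, and an incident responder will want them. A full Windows Defender scan can be started from the same prompt with Start-MpScan -ScanType FullScan.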