teknolojiarsivi.com March 18, 2018

Glitch in Cyber Security App CCleaner Leaves 2.3 Million Users Infected

20 September 2017, 12:54 | Vickie Mathis

The affected version of CCleaner. Credit Cisco Talos

CCleaner screenshot provided by Cisco Talos

The company says it released safe versions of both programs within three days, but the modified version of the software had been available for a month.

Billing itself the "world's most popular PC cleaner and optimisation tool", Avast's CCleaner is trusted by consumers to speed up PC and smartphone performance by removing unneeded/necessary files.

Piriform, the company behind CCleaner, is adamant that no sensitive data has been targeted, and confirms that it has now shut down this server before any known harm could be done. CCleaner does not have an auto-update system, so users must download and install CCleaner 5.34 manually.

Cisco Talos, who first spotted CCleaner's vulnerability before informing Piriform, said that the compromised software may have already affected millions of users, and the extent of the damage done by the attack is still unclear. Meanwhile, the fixed version of CCleaner (version 5.34) was released on September 15th. The antivirus company said that only 2.27 million users were affected, and this was mainly because only the 32-bit version of the application was infected. However, it added that the malware also downloaded a second stage payload this server but its functionality is unclear due to encryption. It can also allow other forms of malware, such as ransomware and keyloggers, to make their way onto a victim's computer.

As far as the malware was concerned, once it had gained access to a Windows system, it ascertained whether the user in question was running as admin or not; if the latter, then the malware terminated its activity.

Popular "junk" wiper and maintenance software CCleaner has been subject to a hack that could potentially affect billions of users worldwide, according to security firm Talos.

If you are running CCleaner you should update it to the latest version (5.34); CCleaner does not auto-update.

"At this stage, we don't want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it", Yung stated.

"If even a small fraction of those systems were compromised, an attacker could use them for any number of malicious purposes", said Cisco Talos researcher Edmund Brumaghin in a blog post.

Other News

Trending Now

Spurs' UCL clash with Dortmund will be like a final - Mauricio Pochettino
But despite the intimidating opposition, Pochettino wants his side to make a fast start to the campaign. I think we have to do better at home, and that's something we've got to learn from this year.

Three tips for consumers confronting data breach
The intruders also accessed dispute documents with personal identifying information for about 182,000 consumers. The same banks that furnish much of the bureaus' credit data also use it to make lending decisions.

Roy Hodgson sets sights on Crystal Palace survival
Roy Hodgson is confident of turning Crystal Palace's fortunes around - but admits things may get worse before they get better. A lovely effort from Manolo Gabbiadini against West Ham , and a tap in from Steven Davis against Crystal Palace .

Hillary Clinton says she's 'done with being a candidate'
This is really tough. "I'm a former first lady, and former presidents and first ladies show up", Clinton said. "It's real. PAULEY: But you offended some people who didn't personally feel deplorable at all . "It didn't matter to them".

Centre files affidavit in Supreme Court terming Rohingyas threat to national security
The Principle of Non-Refoulement prohibits states from sending back refugees to a country where their life may be in danger. The Centre claimed that India can not be held to the provisions of the conventions mentioned by the refugees.

Hurricane Irma's Caribbean destruction seen from space
Irma was downgraded to a tropical storm on Monday, after it had wreaked havoc along Florida's west coast. Water levels are expected to rise between 10-15ft in the areas at risk.

International Olympic Committee : N.Korea Crisis So Far No Threat to Pyeongchang Olympics
This contact continues", Bach said. "On the contrary, we could feel support for our position". The IOC had said it did not want to create any "losers" in this process.

Parliament in Irbil backs independence referendum
Kirkuk is home to sizeable Arab and Turkmen populations and lies outside the official boundaries of the Kurdistan region. It is clear that the Iraqi authorities can maximally grant a broader autonomy to the Iraqi Kurds seeking independence.

WWE Posts Storyline Update on Vince McMahon
Last summer he appeared on Eric Bishoff's podcast, Bischoff on Wrestling , and explained why Owens is such a special talent. During a segment with Kevin Owens , The Chairman Of The Board got demolished.

Senate Rejects Attempt To Repeal 16-Year-Old War Authorization
The White House, however, isn't looking for changes to the 2001 authorization, according to Legislative Director Marc Short. Among those critical of the amendment were Senators Jack Reed (D-RI), John McCain (R-AZ), and Bob Corker (R-TN).