Between the 12th and the 15th, we took immediate action to make sure that our Piriform CCleaner v and CCleaner Cloud v users were safe – we worked with download sites to remove CCleaner v, we pushed out a notification to update CCleaner users from v to v5.34, we automatically updated those where it was possible to do so, and we automatically updated CCleaner Cloud users from v to. It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done. We have no indications that any other data has been sent to the server. The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3 rd party computer server in the USA. CCleaner Cloud v was released on the 24th of August, and updated with a version without compromised code on September 15. CCleaner cloud version was released on the 24 August 2017 and was also updated on 12 September 2017. 'The affected software (CCleaner v and CCleaner Cloud v) has been installed on 2.27M machines from its inception up until now,' Vlcek also added. Piriform CCleaner v was released on the 15th of August, and a regularly scheduled update to CCleaner, without compromised code, was released on the 12th of September. September 12 - Morphisec notifies Avast and Cisco of the suspicious CCleaner activity. September 11 - Morphisec customers share detection logs detailing CCleaner-related malicious activity with the company's engineers. “Issue Summary: The new parent company, the security company Avast, determined on the 12th of September that the 32-bit version of our CCleaner v and CCleaner Cloud v products, which may have been used by up to 3% of users, had been compromised in a sophisticated manner. August 24 - Piriform releases CCleaner Cloud v that also includes the Floxif trojan. It is, therefore, affected by a malicious backdoor that allows remote attackers to obtain sensitive information and install unauthorized software. No other Piriform or CCleaner products were affected. The version of Piriform CCleaner Cloud installed on the remote Windows host is equal to. The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA.
Of course, everything is speculation until the actual reason is determined or disclosed. CCleaner Cloud v was released on the 24th of August, and updated with a version without compromised code on September 15. This compromise only affected customers with the 32-bit version of the v of CCleaner and the v of CCleaner Cloud. CConsiderations on the CCleaner incident There are many possibilities for how Piriform could have been exposed that resulted in malicious versions of CCleaner (version ) and CCleaner Cloud (version ) being distributed from their servers. Pinform reportedly resolved this quickly and believe no harm was done to any users. It is estimated that 2.27 million people used the affected software. It was discovered determined that older versions of Piriform CCleaner v and CCleaner Cloud v had been compromised.
0 kommentar(er)
