CCleaner has been patched, and the server that received data from the malicious code is no longer working.
The regular and cloud-based versions of CCleaner, which had been downloaded over two billion times worldwide as of November 2016 and adds about five million new users every week, have since been patched, and the US-based server to which the malicious code sent system information has been shut down.
According to security researchers at Cisco Talos, who spotted the code, "the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner transfer servers."
Cisco Talos says the malicious version of CCleaner was released on Aug. 15; it notified Piriform—CCleaner's UK-based developer, which was acquired by Avast in July—on Sept. 13, and the server was shut down.
Piriform revealed that the malware collected system information, including lists of installed software and Windows updates, MAC addresses of network adapters, PC names, and information from the Windows registry key, all of which was sent to a remote server.
"The threat has currently been resolved in the sense that the rogue server is down, alternative potential servers are out of the control of the attacker, and we're moving all existing CCleaner v5.33.6162 users to the newest version [5.34]," Piriform's vice president of product, Paul Yung, said in a post. "Users of CCleaner Cloud version 1.07.3191 have received an automatic update [to 1.07.3214]. In other words, to the best of our knowledge, we were ready to disarm the threat before it was able to do any harm."
While such information is not sensitive (i.e., it cannot be used to personally identify you), it is nonetheless helpful to hackers who want a better idea of the types of systems potential targets are running.
Cisco Talos suspects the attack was possible thanks either to CCleaner's build environment being compromised or to somebody with inside access. Piriform did not immediately respond to a request for comment on the attack's distribution and where most affected systems were located.
Updated versions of CCleaner and CCleaner Cloud have since been released; users of the former should download version 5.34 of CCleaner if they have not already done so, while CCleaner Cloud customers will have already received the update to 1.07.3214.