So how many machines were affected is unknown. The final impact of the trojanized CCleaner still is unknown as the C&C server had already been shut down.
#CCLEANER MALWARE ISSUE SOFTWARE#
While M.E.Doc’s compromised accounting software wasn’t spread that widely compared to CCleaner, the impact of that payload (DiskCoder.C) in affected corporates was significant. Depending on the popularity of the software being targeted, the impact can be significant. It could happen to anyone, so we’d better learn from the existing examples of how it was done, to build better protection against these kinds of attacks. The latter is important, because attacks such as these – so called supply chain attacks – are still rare, but on the rise. Was it only this version the cybercriminal(s) could get digitally signed? Perhaps in the (near) future, the company concerned will discover and publish the ins and outs of this for all to learn and to see if such an attack could have worked in your company as well. Why only the 32-bit versions were trojanized remains, for now, a mystery. This is weird, as the effect would have been significantly more dramatic if also the 64-bit version had also been backdoored. Regardless of how Piriform was breached, for a tool as widely downloaded as CCleaner, with a userbase running into the hundreds of millions, there will be a large impact worldwide, even though only the 32-bit version was affected. “Why only the 32-bit versions were trojanized remains, for now, a mystery.
There can be many more (unlikely) scenarios, even those we didn’t even think of yet. This is less likely as the trojanized version was digitally signed thus is would involve an additional breach.
#CCLEANER MALWARE ISSUE DOWNLOAD#
A compromised ISP or proxy redirecting a download from the real download site via an HTTP redirect to a temporary location with the trojanized version, similar to the recently discovered new FinFisher campaign.An external hack would make this another supply chain attack, as with E.Doc and the distribution of DiskCoder.C. A disgruntled employee: after Avast acquired Piriform, perhaps someone didn’t feel appreciated, someone had to leave or someone didn’t like working for Avast and put in a backdoor.This article discusses a few of the possible scenarios that could have led to this worldwide security incident.Īny of the following are security lapses that could have occurred to cause this incident (in no particular order):
Of course, everything is speculation until the actual reason is determined or disclosed. There are many possibilities for how Piriform could have been exposed that resulted in malicious versions of CCleaner (version ) and CCleaner Cloud (version ) being distributed from their servers. Yes, the incident that is currently widely publicized is used, but only as an illustration to some deeper understanding and considerations to understand the problem and potential prevention. Regardless of how Piriform was breached, for a tool as widely downloaded as CCleaner, with a userbase running into the hundreds of millions, there will be a large impact worldwide, even though only the 32-bit version was affected.īefore you start reading: if you think we are going to misuse the CCleaner incident in this article to ESET’s advantage, you will be disappointed.
0 kommentar(er)
