Developers: Piriform
Last release date: 2019/05/22
CCleaner is a freemium utility for cleaning and optimizing operating systems. The program is developed by the British company Piriform (later acquired by the antivirus vendor Avast) and is written in C++.
2019: CCleaner v5.57 with the Simple Cleaning function
On May 22, 2019 it became known that Piriform Software had added a Simple Cleaning function to CCleaner. Simple Cleaning is a simplified set of controls that helps the user choose the necessary settings during cleaning.
In addition to the intuitive interface, Simple Cleaning explains in plain language which files are being cleaned. For example, Temporary Internet Files are described as the files left behind after visiting websites.
Simple Cleaning opens by default on the first start of CCleaner. The original mode, Standard Cleaning, remains available; the developers made no changes to its interface, so users accustomed to it can continue working with it without problems.
2017
The list of companies affected by the CCleaner compromise is published
As became known on September 26, 2017, during its investigation of the CCleaner compromise Avast compiled a complete list of the organizations whose systems were infected as a result of the incident. The researchers found that computers at a number of organizations had been infected with a second backdoor in addition to the Floxif malware.[1]
With the assistance of law enforcement agencies and the hosting provider ServerCrate, Avast took control of the attackers' backup server at IP address 216.126.225.163, to which they sent a copy of their database of infected computers. The server had been brought online on September 12, 2017. As a result, the researchers obtained the complete list of infected computers (except for a 40-hour period when the server was switched off). In total the attackers infected 1,646,536 computers, 40 of which were infected with the additional malware.
According to the acquired information, the largest number of infected computers (13) was in the network of the Taiwanese internet provider Chunghwa Telecom, 10 were in the Japanese IT company NEC, and 5 were in Samsung's network. About 2 computers infected with the additional malware were also found in each of the networks of Asus, Fujitsu and Sony, and about 1 in each of IPAddress.com, O2, Gauselmann, Singtel, Intel and VMWare.
At the same time, not all of the attackers' attempts to attack Google, Microsoft, HTC, Samsung, Intel, Sony, VMWare, O2, Vodafone, Linksys, Epson, MSI, Akamai, D-Link, Oracle (Dyn), Gauselmann and Singtel were successful.
In addition, information found on the backup server showed that until September 10 the list of target companies was somewhat different and included HTC, Linksys, Epson, Vodafone, Microsoft, D-Link, Gmail, Akamai, MSI, Cisco, Cyberdyne, Tactical Technologies Inc. (TTI) and GoDaddy.
Avast also found evidence that the attacks were carried out from China. Earlier, experts from Kaspersky Lab and Cisco had linked the CCleaner compromise to the Chinese hacker group Axiom.
Malware infection
On September 18, 2017 it became known that the CCleaner software had been infected with malware. About 2.3 million users were affected.
According to Piriform's statement, the attackers managed to embed malicious code in CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 for Windows, which were released in August 2017 and downloaded 2.27 million and 5 thousand times respectively. CCleaner's total audience exceeds 130 million users.
Specialists report that while examining the official release of CCleaner 5.33 they noticed the application contacting a suspicious domain. This turned out to be the work of the Floxif malware, which runs only on 32-bit systems and only under an administrator account. The malware collects data about the infected machine (system information, running processes, MAC addresses of network adapters and unique IDs of hardware components) and sends it to the attackers' remote server. The malware is also capable of downloading and launching additional binaries, although according to the researchers no infected host went through the second stage of the attack, i.e. Floxif did not load additional payloads onto the infected devices.[2]
As a result of the attack, user data such as computer names, IP addresses and lists of installed programs were stolen. This information was sent to the attackers' server located in the USA.
According to Talos experts, the attackers used a domain generation algorithm (DGA) to create new domains and continue transferring the stolen data in case their server failed. Such an approach indicates a professionally organized attack, the specialists note. Users could not notice the third-party tampering, since the program was signed with a valid digital certificate.
Talos researcher Craig Williams reported that the attack was discovered at an early stage, when the attackers were still collecting information and had not yet managed to use the vulnerability to install new malware on the victims' computers.
In mid-September 2017 Piriform released patches fixing the vulnerability in the compromised versions (CCleaner Cloud was updated automatically), and the attackers' server was shut down.
Nobody has claimed responsibility for the compromise. One theory is that the malicious component was implanted into the system by someone directly involved in CCleaner's development.[3]
On September 13, 2017, CCleaner 5.34 and update 1.07.3214 for CCleaner Cloud, which do not contain the malicious code, were released. All users are strongly advised to update as soon as possible, since CCleaner has no auto-update function.
Avast representatives reported that the Floxif-infected version of CCleaner spread to 2.27 million computers (only about 3% of the utility's users). However, the company believes that thanks to the released updates, which "neutralized" the malware, users are now safe.
Checking for infection is fairly simple: open the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo and check whether it contains the MUID and TCID values. If it does, this is a sign of a Floxif infection.
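The two checks a Windows administrator would actually run after reading the above, the registry marker and the installed CCleaner build number, as one triage script. This is an added example, not code from Piriform, Avast or the original article. The CCleaner.exe install paths, the WOW6432Node registry path and the mapping of the "6162" build number onto the file-version fields are assumptions; the Agomo key, the MUID/TCID value names and the affected version 5.33.6162 come from the text.

```powershell
# Added example (not from the original article): triage a Windows host for the
# Floxif-infected CCleaner build. Two indicators are checked:
#   1. the HKLM\SOFTWARE\Piriform\Agomo key exists and carries MUID and TCID values;
#   2. the installed CCleaner.exe reports the affected 5.33.6162 version.
# Both functions return objects so the results can be collected or exported.

function Test-FloxifRegistryMarker {
    # The WOW6432Node path is an assumption: a 32-bit CCleaner on 64-bit Windows
    # is redirected there by the registry reflector.
    $keys = @(
        'HKLM:\SOFTWARE\Piriform\Agomo',
        'HKLM:\SOFTWARE\WOW6432Node\Piriform\Agomo'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props   = Get-ItemProperty -Path $key
        $hasMuid = $null -ne $props.PSObject.Properties['MUID']
        $hasTcid = $null -ne $props.PSObject.Properties['TCID']
        return [pscustomobject]@{
            Indicator = 'Agomo registry key'
            Present   = ($hasMuid -and $hasTcid)
            Detail    = "$key found; MUID=$hasMuid TCID=$hasTcid"
        }
    }
    [pscustomobject]@{ Indicator = 'Agomo registry key'; Present = $false; Detail = 'key absent' }
}

function Test-AffectedCCleanerVersion {
    param(
        # Assumed default install locations; adjust for the local deployment.
        [string[]] $Candidates = @(
            "$env:ProgramFiles\CCleaner\CCleaner.exe",
            "${env:ProgramFiles(x86)}\CCleaner\CCleaner.exe"
        )
    )
    foreach ($path in $Candidates) {
        if (-not (Test-Path $path)) { continue }
        $vi    = (Get-Item $path).VersionInfo
        $parts = @($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        # Assumption: "5.33.6162" maps to major 5, minor 33, with 6162 in the
        # build or private field of the PE version resource.
        $match = ($parts[0] -eq 5) -and ($parts[1] -eq 33) -and ($parts[2..3] -contains 6162)
        return [pscustomobject]@{
            Indicator = 'CCleaner file version'
            Present   = $match
            Detail    = "$path reports $($parts -join '.')"
        }
    }
    [pscustomobject]@{ Indicator = 'CCleaner file version'; Present = $false; Detail = 'CCleaner.exe not found' }
}

$results = @((Test-FloxifRegistryMarker), (Test-AffectedCCleanerVersion))
$results | Format-Table -AutoSize

if ($results.Present -contains $true) {
    Write-Warning 'Host matches a Floxif/CCleaner 5.33 indicator: treat it as an incident and update CCleaner to 5.34 or later, as the vendor advised.'
} else {
    Write-Output 'No Floxif indicators found.'
}
```

Run the script in an elevated PowerShell session so that HKLM is readable in full; an absent Agomo key together with a non-5.33 build means the host does not match either indicator from the article, which is the expected result after the update to 5.34.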