He also shared that the company are taking steps internally to see that such a compromise does not happen again: The investigation is still ongoing. We want to thank the Avast Threat Labs for their help and assistance with this analysis."
"At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it.
In a second blog post with technical details of the compromise, Piriform's Vice President of Products Paul Yung, provides the following concerning the source of this malicious code and how it entered the normal release of a CCleaner update to users: They do admit that the compromise occurred but also want to minimize the overall impact and risk to customers. Now it is not surprising to see carefully selected language and phrases used throughout an announcement like this because the company has a legal position to maintain. " Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done." We have no indications that any other data has been sent to the server." "The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. "We resolved this quickly and believe no harm was done to any of our users." Throughout Piriform's blog post about this compromise the language is very consistent in how they indicated the impact of this compromise: Piriform worked with US law enforcement and had this third party server shut down on the 15th of September prior to releasing details of the compromise to allow the company to complete their initial assessment of the compromise.
The first clean version of CCleaner that users should now be using are Version 5.34 and respectively. The 32-bit version of CCleaner was available to end users between 15 August until 12 September while the CCleaner Cloud version was accessible between 24 August until 15 September. Two versions of the CCleaner software were compromised: In this statement Piriform states that their parent company Avast, whom acquired Piriform back in July of this year, discovered this compromise on 12 September and that it was a sophisticated attack. According to an announcement from Piriform today, they are the company who develops the popular and widely used Windows utility CCleaner, a version of this software that was available to users for about a month contained malicious code that would send system data about the end users machine to a third party server.
0 kommentar(er)
