Microsoft does not recommend or even support the use of registry cleaners. Luckily, we have a diverse ecosystem in security, but think about what could happen if we had a monolithic ecosystem with just a single security vendor? Anyone making a trojanized version of a popular application would only have to bypass that single security product.įor one reason or another, people feel the need to “clean up” their registry, although it rarely results in improved performance.
CCLEANER FROM PIRIFORM SOFTWARE
This is worrisome because it demonstrates how popular software that is compromised can have a worldwide impact. But given that these countries are rather large and when we assume a normal worldwide distribution of the CCleaner application, it means that every country has approximately the same percentage of people affected. When we look at the telemetry ESET collected from its participating customers, we see detections of this trojanized version of CCleaner totaling 338,000 detections, with the top 10:Īgain this applies to the 32-bit version whereas the majority of users nowadays run 64-bit systems. So how many machines were affected is unknown. The final impact of the trojanized CCleaner still is unknown as the C&C server had already been shut down. While M.E.Doc’s compromised accounting software wasn’t spread that widely compared to CCleaner, the impact of that payload (DiskCoder.C) in affected corporates was significant. Depending on the popularity of the software being targeted, the impact can be significant. It could happen to anyone, so we'd better learn from the existing examples of how it was done, to build better protection against these kinds of attacks. The latter is important, because attacks such as these - so called supply chain attacks - are still rare, but on the rise.
Was it only this version the cybercriminal(s) could get digitally signed? Perhaps in the (near) future, the company concerned will discover and publish the ins and outs of this for all to learn and to see if such an attack could have worked in your company as well. Why only the 32-bit versions were trojanized remains, for now, a mystery. This is weird, as the effect would have been significantly more dramatic if also the 64-bit version had also been backdoored. Regardless of how Piriform was breached, for a tool as widely downloaded as CCleaner, with a userbase running into the hundreds of millions, there will be a large impact worldwide, even though only the 32-bit version was affected. "Why only the 32-bit versions were trojanized remains, for now, a mystery. There can be many more (unlikely) scenarios, even those we didn’t even think of yet. This is less likely as the trojanized version was digitally signed thus is would involve an additional breach.
CCLEANER FROM PIRIFORM DOWNLOAD
A compromised ISP or proxy redirecting a download from the real download site via an HTTP redirect to a temporary location with the trojanized version, similar to the recently discovered new FinFisher campaign.An external hack would make this another supply chain attack, as with E.Doc and the distribution of DiskCoder.C.
A disgruntled employee: after Avast acquired Piriform, perhaps someone didn’t feel appreciated, someone had to leave or someone didn’t like working for Avast and put in a backdoor.This article discusses a few of the possible scenarios that could have led to this worldwide security incident.Īny of the following are security lapses that could have occurred to cause this incident (in no particular order): Of course, everything is speculation until the actual reason is determined or disclosed. There are many possibilities for how Piriform could have been exposed that resulted in malicious versions of CCleaner (version ) and CCleaner Cloud (version ) being distributed from their servers. Yes, the incident that is currently widely publicized is used, but only as an illustration to some deeper understanding and considerations to understand the problem and potential prevention. Before you start reading: if you think we are going to misuse the CCleaner incident in this article to ESET’s advantage, you will be disappointed.
0 kommentar(er)
