In our view, it was a well-prepared operation and the fact that it didn’t cause harm to users is a very good outcome, made possible by the original notification we received from our friends at security company Morphisec (more on this below) followed by a prompt reaction of the Piriform and Avast teams working together. "The CCleaner compromised version was released on August 15 and went undetected by any security company for four weeks, underscoring the sophistication of the attack. In their blog post Avast confirms Morphisec's important role : Customer safety is our top concern,” Gorelik emphasizes. As part of our responsible disclosure policy, we immediately contacted Avast and shared all the information required for them to resolve the issue promptly. “A backdoor transplanted into a security product through its production chain presents a new unseen threat level which poses a great risk and shakes customers’ trust. Immediately after the initial investigation, Morphisec notified all of its customers and reported its findings to Avast to help the company identify the issue. An updated version of CCleaner 5.34 - which was released at Septemdid not include any malicious code. We were gratified to see that we prevented the attack and how our Endpoint Threat Prevention solution keeps our customers safe,” remarks Michael Gorelik VP R&D at Morphisec. “ Morphisec’s unique Moving Target Defense cyber security solution first stopped the malicious file at one of our customers in Singapore. On September 11, 2017, some customers shared their logs of the prevented attacks with Morphisec, which our team immediately started to investigate.ġ.) Inclusion of Avast reference to Morphisec help.Ģ.) The CCleaner compromised version was discovered and reported by both Morphisec and Cisco in separate in-field cases and reported separately to Avast.Īlthough the executables were signed by the original Piriform company – which was purchased by Avast in July - version 5.33 of CCleaner exhibited internal code injection behavior and reflective DLL loading directly into memory. Morphisec identified and prevented malicious CCleaner.exe installations on August 20 at customer sites. Morphisec was the first to uncover the CCleaner Hack and notify Avast. In addition, the CCleaner cloud version 1.07 was affected. According to Avast, some 2.27 million users were running the weaponized version 5.33 of CCleaner. As widely reported today, the Avast-owned security application CCleaner was illegally modified by hackers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |