Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
Tech
News18 » Tech
2-min read

Hackers Compromised Free CCleaner Software, Avast's Piriform Says

CCleaner is the main product made by London's Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner.

Reuters

Updated:September 19, 2017, 9:34 AM IST
facebookTwitterskypewhatsapp
Hackers Compromised Free CCleaner Software, Avast's Piriform Says
At U.N., Britain to Push Internet Firms to Remove Extremist Content Quicker (Representative image: Reuters)
Loading...

Hackers broke into British company Piriform Ltd's free software that optimises computer performance last month, potentially allowing them to control the devices of millions of users, the company and independent researchers said on Monday. More than 2 million people downloaded tainted versions of Piriform's program, which then directed the computers to get instructions from servers under the hacker's control, Piriform said. Piriform said it worked with law enforcement and cut off communication to the servers before any malicious commands were detected. This came after security researchers at Cisco Systems Inc and Morphisec Ltd alerted Piriform's parent Avast Software of the hack last week.

The malicious program was slipped into legitimate software called CCleaner, which cleans up junk programs and advertising cookies to speed up devices. CCleaner is the main product made by London's Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner. A version of CCleaner downloaded in August and September included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorised programs, security researchers at Cisco's Talos unit said.

Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June's “NotPetya” attack on companies that downloaded infected Ukrainian accounting software. "There is nothing a user could have noticed," Williams said, noting that the optimisation software had a proper digital certificate, which means that other computers automatically trust the program. In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.

Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. 15, it said. Only the cloud version could be updated automatically to remove the bad code. The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Williams said. CCleaner does not update automatically, so those who installed the problematic version will need to delete it and install a fresh version, he said.

He also recommended running an antivirus scan. Williams said that Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs. Piriform said in a news release that it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed. It said the server was closed down on Sept. 15 "before any known harm was done." Avast said little about the breach, posting nothing on its Twitter account in the 12 hours after the announcement and displaying nothing on its main webpage.

Piriform's news release and technical blog post did not mention Cisco or its partner Morphisec, instead crediting Avast with discovering the still-unexplained compromise. After the controlling web addresses were seized, Cisco saw 200,000 attempts to connect to them.

Watch: The Tech And Auto Show Episode 13

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

Subscribe to Moneycontrol Pro and gain access to curated markets data, trading recommendations, equity analysis, investment ideas, insights from market gurus and much more. Get Moneycontrol PRO for 1 year at price of 3 months. Use code FREEDOM.

| Edited by: ---
Read full article
Loading...
Next Story
Next Story

Also Watch

facebookTwitterskypewhatsapp

Live TV

Loading...
Countdown To Elections Results
To Assembly Elections 2018 Results