Again, fortunately “the generated domains are not under the control of the attacker and does not pose any risk”, according to Piriform (do you still think this is a hacker’s job?)
#Ccleaner malware check generator#
Fortunately, according to both Cisco Talos and Piriform, the second-stage payload does not seem to be activated yet (hackers left something important unfinished? Really?) In case the connection between the infected computer and the external server cannot be established, the malware will try to use Domain Name Generator to redirect the traffic to a different location. Once the connection between the infected and the external server is established, a second-stage payload will be downloaded and be executed. When you launched the infected version of CCleaner, the malware will profile your system and then try to send the collected information to an external server.
#Ccleaner malware check update#
You should check your version of CCleaner, if yours is infected, then you will need to download a removal tool to remove the malware, then update CCleaner to the latest version, according to the Talos team. If Cisco Talos was the first detected and reported the malware, that it is very ironic that the leading anti-virus company Avast didn’t detect the malware in their own product, maybe it is the real reason the malware was injected in the first place. Don’t you think the timeline is very suspicious? I suspect some CCleaner developer(s) is/are not happy with the acquisition and secretly inject the malware to tarnish the reputation of CCleaner. My second reason is that CCleaner was acquired by Avast, a leading anti-virus company from Czech Republic, in July 2017, and one month later a malware-injected version was released and distributed from Avast server. If hackers got the access to that level, then they should have done something more lucrative then injecting malware, that is the first reason I believe it is not from hackers. The only explanation is the malware was injected during the development phase or the signing process of the software. However, no one reported the corrupted checksum, that means the malware was not injected after the binary executable was created.
#Ccleaner malware check install#
When you download the free version of CCleaner, you will be provided with a checksum, after you download the software you will generate another checksum from the downloaded softare, if the two checksums don’t match, that means the downloaded software has been tampered and you shouldn’t install it. People think the malware was injected by hackers, but I don’t believe it is the case. My request for comment on this from Cisco’s Talos team has not been responded and I will update this post once I receive a response. Their release announcement and blog post seem to indicate that Piriform detected the malware themselves on September 12, 2017. Piriform, the company developed CCleaner, announced the security issue today, but interestingly without giving any credits to Cisco’s Talos team. On September 13, 2017, Cisco’s Talos cybersecurity reported that CCleaner has been distributed with malware for almost one month, and the infected version is the 32-bit version of CCleaner 5.33 which was released on August 15 and the 32-bit version of CCleaner Cloud released on August 24. The free version is at the top of the popular software list on.
CCleaner is a popular and powerful PC tool that helps users to clean up their PCs by deleting temporary files, emptying recycle bins, deleting registry leftovers after program uninstall, etc.
0 kommentar(er)
