For those customers who do not use it, CCleaner is a wonderful, small, effective utility that cleans out the ‘junk’ that accumulates over time: temporary files, broken shortcuts, and other problems. A lot of our staff and customers use CCleaner for this purpose on their PCs.

On September 13th a company called Morphisec discovered the hack and alerted Cisco Talos, the leading malware and virus threat research group. It appears that the hackers had access to user information through a ‘payload’ for 4 weeks, and appropriate measures were taken to limit the damage it could have caused. Cisco Talos has been studying the malicious code in an attempt to find out just what kind of further damage it could have caused if it had been left undiscovered for a longer period.

The good news seems to be that it was mostly designed to target large corporations such as Samsung, HTC, Microsoft, and even Cisco themselves, in a multi-stage attempt at industrial espionage, rather than to attack personal users. The bad news, however, is that this is an example of a new trend being used by hackers: the supply chain attack. “By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates,” says Talos. Such attacks have been used before; the Petya ransomware attack is one example.

Only the 32-bit and Cloud versions for Windows were compromised, and the intrusion was detected and patched before the second-stage “payload” could be activated. Since then Avast/Piriform, the makers of CCleaner, have released patched versions of the software, closing the exploit, and forced updates where they could to protect affected users. Even though there are approximately 3/4 million users who still have a compromised version of CCleaner, the malicious code cannot do anything, since Avast/Piriform cleaned up the server side of the malware.

Unfortunately, the only way we can recommend to defend against these types of attacks is to keep backups of your computer. With a backup, the worst case shrinks from losing everything on your computer to losing only what has changed since the last time you backed it up.

Server-side intrusion (compromise of the vendor’s systems, not of your home computer) is becoming more common, so it is a real concern. If you have CCleaner, you can feel confident continuing to use the software, but it is good general practice to delete old programs you no longer use, limiting your exposure.