We thank Morphisec and we owe a special debt to their clever people who identified the threat and allowed us to go about the business of mitigating it. We believe that Morphisec also notified Cisco. These users should upgrade even though they are not at risk as the malware has been disabled on the server side.Īvast first learned about the possible malware on September 12, 8:35 AM PT from a company called Morphisec which notified us about their initial findings. And due to the proactive approach to update as many users as possible, we are now down to 730,000 users still using the affected version (). As only two smaller distribution products (the 32 bit and cloud versions, Windows only) were compromised, the actual number of users affected by this incident was 2.27M. However, this is several orders of magnitude different from the actual affected users. This comes from the fact that since CCleaner started, it has been downloaded 2 billion times with 5 million a week being currently downloaded, as presented on their website. Many of the articles implied that 2 billion users were affected with an additional 5 million every week. We would like to take this opportunity to correct as much as we can in this article. Shortly after the original announcement, a series of press stories were released but many of the details about what happened and the impact on users were surmised. We continue to be actively cooperating with law enforcement units, working together to identify the source of the attack. In our view, it was a well-prepared operation and the fact that it didn’t cause harm to users is a very good outcome, made possible by the original notification we received from our friends at security company Morphisec (more on this below) followed by a prompt reaction of the Piriform and Avast teams working together. The compromised version of CCleaner was released on August 15 and went undetected by any security company for four weeks, underscoring the sophistication of the attack. We strongly suspect that Piriform was being targeted while they were operating as a standalone company, prior to the Avast acquisition. The server was provisioned earlier in 2017 and the SSL certificate for the respective https communication had a timestamp of July 3, 2017. The compromise may have started on July 3 rd. What we didn’t know was that before we completed the acquisition, the bad actors were likely already in the process of hacking into the Piriform systems. The purpose of this article is to clarify what actually happened, correct some misleading information that is currently circulating, recap what actions Avast took, and outline next steps.Īvast acquired Piriform, the maker of CCleaner, on Jbecause Piriform has a great product, and wonderful supporters and users. Within approximately 72 hours of discovery, the issue was resolved by Avast with no known harm to our Piriform customers. As such, as soon as we became aware of this issue, we engaged and solved it. We understand that given the late disclosure of the massive Equifax data breach 10 days ago, consumers and media are very sensitive, as they should be. Our first priority is our commitment to the safety and security of our millions of users, and supporting our new partner Piriform as they manage this situation. There has been quite a bit of press coverage today about our announcement that the Piriform CCleaner product was illegally modified during the build process to include a backdoor component. Clarifying what happened and outlining our next steps in protecting CCleaner customers
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |