Simultaneously, Avast and Piriform checked and found the latest CCleaner build, version 5.34, did not contain the backdoor and pushed the clean version out as an automatic update to those using the cloud version. Monday September 18, after getting clearance from the law enforcement authorities,” Vlček told SC Media. The public disclosure happened the next working day, i.e. Doing all of this and taking a server down in 72 hours is actually a very good result. "Taking down a server, even if it is proven to be used for malicious activity, can only be done through law enforcement units, and usually only after issuing a court order. With Morphisec's information in hand Avast launched an investigation and three days later, working with law enforcement, the command and control server working with the malware was taken down. However, with the release of patched version the number of people still exposed has dropped to 730,000 as the rest have updated their software. Steckler also stated for the record how many people were initially impacted, saying 2.27 million users had downloaded the effected CCleaner version and were thus exposed to the backdoor. “We thank Morphisec and we owe a special debt to their clever people who identified the threat and allowed us to go about the business of mitigating it,” the blog said. Steckler said one reason it took so long to detect was the malware's sophistication. The compromised version of CCleaner was released on August 15 and was not detected by Avast until the cybersecurity firm Morphisec informed it of the problem on September 12.
We strongly suspect that Piriform was being targeted while they were operating as a standalone company, prior to the Avast acquisition,” they wrote. “The server was provisioned earlier in 2017 and the SSL certificate for the respective https communication had a timestamp of July 3, 2017. In a blog posted today Avast's Vince Steckler, CEO, and Ondřej Vlček, CTO and executive vice president of consumer business, said the company's investigation points to the backdoor being installed around July 3, or about two weeks prior to Avast's acquisition of Piriform, which created and originally distributed CCleaner. Avast executives today attempted clarify and mitigate the public relations damage done when its CCleaner computer maintenance app was discovered to have exposed 2 million users by saying the malware was likely injected prior to Avast's purchase of CCleaner and that to their knowledge no harm came to anyone.
0 kommentar(er)
