On Monday, Cisco and Piriform – the Avast-owned company behind the popular CCleaner utility – announced that certain versions of the software have been backdoored by hackers. A blog post by security outfit Morphisec later revealed they were the ones who first notified Avast of the problem.

The timeline of the incident and Avast’s response to it is as follows:

August 15: Malicious CCleaner (v) made available for download from Piriform’s servers.

August 24: Malicious CCleaner Cloud (v) made available for download from Piriform’s servers.

September 11: Morphisec researchers flag the malware after analyzing the logs of some of its products installed at customer sites.

September 12: Morphisec notifies Avast, Avast releases a clean version of CCleaner (), pushing it out as a lightweight automatic update to CCleaner users where it was possible, and started notifying the remaining users to upgrade to the latest version of the product ASAP.

September 13: Cisco discovers the malware (also via customer log analysis) and notifies Avast.

September 15: Avast and law enforcement take down the backdoor’s C&C server. As Avast noted in an update today, “the threat was effectively eliminated as the attacker lost the ability to deliver the payload.” Around the same time, Cisco registered the malware’s secondary DGA domains.

September 18: Piriform makes the announcement about the compromise, Cisco Talos releases a blog post detailing the threat, later that day Morphisec releases a short write-up about it.

In today’s update on the situation, Avast CEO Vince Steckler and CTO Ondrej Vlcek said that the hackers were likely already in the process of hacking into the Piriform servers as Avast was putting everything in place to complete the acquisition of Piriform (in July 2017).

“The compromise may have started on July 3rd. The server was provisioned earlier in 2017 and the SSL certificate for the respective https communication had a timestamp of July 3, 2017. We strongly suspect that Piriform was being targeted while they were operating as a standalone company, prior to the Avast acquisition,” they noted.

Michael Gorelik, VP R&D at Morphisec, explained that, after analyzing the malware, they found that the TLS initialization of callback functions was probably altered by a modification of the Visual Studio runtime file.