“Some of the functions are almost identical, while other functions have a partial match, but the structure is overall very similar,” the Avast researchers said.
#Ccleaner malware attack code#
However, they said that because the CC log data has been recovered for only 3 of the 31 days the CCleaner backdoor was active, the total number of infected computers is “likely at least in the order of hundreds”.Ĭisco Talos CC server data shows that targeted organisations included Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself.Īnother four domains belonging to “two more companies” were also targeted, according to the latest Avast blog post, but researchers said they did not want to disclose the names of these companies as they were potentially subjected to the attack.Īll companies believed to have been exposed to the malware payload have been notified, the Avast researchers said.Īlthough the Avast researchers have not named the attackers, their investigations so far have identified similarities between the code injected into CCleaner and APT17/Aurora malware created by a Chinese advanced persistent threat (APT) group in 20. “Given that CCleaner is a consumer-oriented product, this was a typical watering hole attack where the vast majority of users were uninteresting for the attacker, but select ones were,” Avast researchers said.
The company said it had resolved the problem quickly and believed no harm was done to any of its users because the command and control (CC) server had been shut down and there was no indication the malicious code had been executed, but researchers have since found otherwise.Īccording to researchers at Avast and Cisco Talos, the malware was delivered successfully to 20 select targets among the 700,000 computers that appear to have been infected.
Earlier this week, Piriform said only the 32-bit version of the v of CCleaner and the v of CCleaner Cloud had been affected.
0 kommentar(er)
