Linked by Thom Holwerda on Tue 19th Sep 2017 09:58 UTC
Privacy, Security, Encryption

Talos recently observed a case where the download servers used by a software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.

Don't use registry cleaners. They serve no purpose.

Comment by kurkosdr
by kurkosdr on Tue 19th Sep 2017 12:36 UTC
Since the identity of the vendor is known (because the package is signed), does this mean the vendor is liable to pay for damages, just like a supermarket that sold flour containing arsenic would be? No? "Software doesn't work that way"?

And this is why we are headed towards a software-driven dystopia, fast. The update to the autonomous system of your car will steer you towards a brick wall, or the update to the collision avoidance system could slam the brakes while you are driving on the highway, and the vendor will be able to just point to a third party and avoid all responsibility for any damages.

Edited 2017-09-19 12:42 UTC

Reply Score: 2