CCleaner Outbreak Looks Worse Than We First Thought


Reports are emerging that the CCleaner outbreak targeted computers at some specific companies. Evidence procured from data on a command-and-control server shows that 20 of the 700,000 affected computers belonged to companies such as Samsung, Cisco, Sony and Microsoft.

The initial infection was launched after Avast was hit by hackers who infected its CCleaner application. The attack had a second stage that used a different set of command-and-control servers.

Craig Williams, a senior technology leader and global outreach manager at Talos, was interviewed by Ars Technica and said, “When you look at this software package, it’s very well developed. This is someone who spent a lot of money with a lot of developers perfecting it. It’s clear that whoever made this has used it before and is likely going to use it again.”

With security professionals picking up their game and becoming more adept at protecting against traditional threats, detecting incursions and reacting effectively if a breach occurs, hackers are turning to more sophisticated means to infiltrate targets. By infecting the software supply chain, threat actors can enter businesses through the front door.

This puts the onus on companies to ensure they have effective detection methods and monitor networks for any unusual network traffic, particularly outbound traffic to unexpected or unusual destinations.


  • The list of domains in the article is a list of machines that the malware delivered a specialized secondary payload to, not a list of machines actually infected.

  • Apps like CCleaner are kind of irrelevant – or superfluous – these days with the resources we have on computers and built-in tools.

    Clearing up browser cache and uninstalling apps are trivial for anyone who understands what they’re doing – only takes a quick Google search to find out how.

    Microsoft’s built-in Disk Cleanup is another way to free up disk space occupied by Microsoft’s browsers, previous upgrade builds, etc.

    Deleting orphaned keys in the registry adds little to no performance gain as computers have ample memory to load the entire registry hive without paging/swapping to disk.
    This was a different case when we had barely enough RAM for just the OS, post upgrade on an ageing system.

  • Yes, I agree the previous version was much more useful than this because I’ve been using CCleaner for the last 1 year. I think they will examine the current problems and will update in the latest version.
