CCleaner: 2m users install anti-malware program … that contains malware

Tool now owned by security firm Avast was hacked via a supply chain attack, an increasingly common method of infection

‘At this stage, we don’t want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it,’ Piriform’s vice president, Paul Yung, said. Photograph: Ritchie B. Tongo/EPA

Tuesday 19 September 2017 02.00 EDT. Last modified on Tuesday 19 September 2017 02.31 EDT

    More than two million users of anti-malware tool CCleaner installed a version of the software that had been hacked to include malware, the app’s developer confirmed on Monday.

    Piriform, the developer of CCleaner now owned by security firm Avast, says that its download servers were compromised at some point between 15 August, when it released version v5.33.6162 of the software, and 12 September, when it updated the servers with a new version.

    In that period, a trojan was loaded into the download package which sent “non-sensitive data” from infected users’ computers back to a server located in the US. The data, according to Piriform, included “computer name, IP address, list of installed software, list of active software, list of network adapters”.

    As well as the data leak, however, the infection also resulted in a “second stage payload” being installed on to the affected computer – another piece of malware, which Piriform says was never executed.

    “At this stage, we don’t want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it,” the company’s vice president, Paul Yung, said.

    The company says 2.27m users were infected, but added that “we believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm”. By taking down the “command and control” server, Piriform may have prevented the infection being used to inflict further damage.

    The breach was independently discovered by Cisco’s Talos Intelligence research team, who notified Piriform on 13 September, one day after the clean version of the software had been released in a regularly scheduled update. Talos recommends that affected systems be restored “to a state before August 15, 2017, or reinstalled”, advice which Piriform does not repeat.

    Compromising downloads to trusted software is an increasingly common route by which malware authors infect devices. The method, known as a “supply chain” attack, works because “the attackers are relying on the trust relationship between a manufacturer or supplier and a customer”, Talos says.

    In March 2016, a compromised version of BitTorrent client Transmission spread ransomware on Macs for three days, the first functioning ransomware attack on the operating system. Notoriously, a successful hack on Ukrainian accounting software MeDoc was responsible for seeding the NotPetya “ransomworm” – a self-replicating piece of ransomware – that took down companies including Merck, Maersk and Cadbury’s.

    Posted in Uncategorized | Leave a comment

    Why you shouldn’t freak out about the Equifax data breach

    The Equifax data breach was serious.

    Lauren Lyons Cole

    Equifax, one of the three credit reporting agencies in the US, announced that it was compromised between mid-May and July, potentially exposing Social Security numbers, credit card numbers, and other personal information for up to 143 million Americans.

    The company hasn’t handled it well so far. People are pissed, and they have a right to be. On top of everything, Equifax’s chief financial officer and two other senior executives cashed in on almost $2 million of Equifax stock once they learned about the hack, reported Business Insider’s Mohammed Hadi and Bryan Logan.

    Current news aside, the reality is that security breaches are here to stay, whether we like it or not. It’s safer to assume — and to act as though — your personal information is already out there, than to count on companies to protect your data.

    There are upsides, however, to moving our money online. As a financial planner in New York City, being able to access client accounts during meetings is incredibly helpful. Mobile check deposits are a game changer, at least until checks are no longer a thing. We can buy clothes and groceries and anything we want without ever standing in line at the cash register.

    It’s convenient and easy, except when it isn’t. Like now.

    Here’s the thing, though. As with the data breach at Target and Home Depot and many others you probably never knew about, this too will pass. Over the course of my career, I’ve seen some really bad financial situations. I know how stressful it can be, but I also know how possible it is to fix things — one step at a time. If something goes wrong with your money, it can be resolved much more easily than rebuilding after a hurricane, for example.

    Even when we take all kinds of steps to protect ourselves online, our best laid plans can still result in financial foibles — whether as a result of our own error or a giant financial company’s. I’ve had my credit card number stolen not once, but twice. Once at a bar and another time at a gas station. It was frustrating, but it didn’t ruin my life.

    The only thing we can do is try to protect our data as best we can, and respond quickly if something does happen. You’ll be okay, I promise.

    But if you’re still freaking out, here are some steps you can take to protect your data online.

    1. Find out whether you’ve even been compromised

    You can find out at Equifax’s website. Here’s how to do it.

    2. Use secure passwords

    This is like eating your vegetables: You know you should do it, but it’s not fun and you’d rather not. I get it. But any data security expert will tell you secure passwords are a necessity. Every site you use should have a different password, and it shouldn’t be easy to guess.

    Keeping track of a random string of 15 letters and numbers is basically impossible, so I use LastPass to generate and save all my online passwords. Hopefully they don’t get hacked, but at least it’s better than storing all my login info on the notepad app on my iPhone.

    3. Understand how to freeze your credit

    If securing your passwords seems like too big a lift, then freezing your credit or even setting up a fraud alert to protect against the chance of identity theft will definitely give you a headache.

    In theory, this sounds like a good idea and something that should be easy to do, but think about the last time your flight was canceled due to bad weather and everyone was trying to get rebooked at the same time. It’s an administrative nightmare, and stressing out about it doesn’t do you much good.

    Setting up a fraud alert only requires calling one of the credit agencies, but you’re going to have to make copies of and mail in many important documents to put it in place.

    Freezing your credit means dealing with customer service agents at all three credit bureaus — Equifax, TransUnion and Experian — and keeping track of a unique PIN that you’re going to need anytime you want to open a new account or move to a new apartment. Make sure you fully understand how it works (the Federal Trade Commission has a nice break-down) before you start the process.

    One caveat: If your identity has actually been compromised — as in, someone tried to open a fraudulent account in your name — then this is an important step to take. But doing it proactively probably isn’t worth the trouble, if you ask me.

    4. Monitor your money regularly

    I use to quickly check all of my financial accounts every morning, just like I check email and Instagram. This came in handy both times my credit card was stolen. I was able to identify the pending charges before they even cleared my account, and American Express overnighted me a new card immediately. It was a little annoying, but not that big of a deal.

    If you have been compromised, this becomes even more essential. Equifax is offering free credit monitoring, but opting in to the service opts you out of future class action suits, so it’s probably better not to do it. You can monitor your credit for free using a service like CreditKarma. You can select to be notified when a new account is opened by visiting “Communications and Monitoring” under profile settings.

    Don’t worry too much if you’ve already agreed to Equifax’s credit monitoring. Who knows how this will all unfold, and it can’t hurt to have free credit monitoring in the meantime.

    5. Optimize your money management

    A breach like this is a good reminder to check your credit score, pull your credit report, and review the way you’re currently managing your money. There may be things you can do to improve your credit score, fix any errors on your credit report, and optimize your current collection of credit cards.

    Considering data breaches are more or less our new normal, the only thing we can really do is the one thing we should be doing anyway: Stay on top of your money, and fix any issues as soon as you can. No one is going to be more interested in your financial situation than you are. Not even a hacker.


    Microsoft releases new Windows 10 preview with boot, narrator, shell, Edge, gaming, and input improvements

    Above: Windows 10

    Image Credit: Microsoft

    After releasing a Fall Creators Update build yesterday, Microsoft today released a new Windows 10 preview for PCs with boot, narrator, shell, Edge, gaming, and input improvements. While yesterday’s build was part of finalizing the Windows 10 Fall Creators Update, which is expected to arrive on October 17, today’s build is part of developing the update that will come after it.

    Windows 10 is a service, meaning it was built in a very different way from its predecessors so it can be regularly updated with not just fixes, but new features, too. Microsoft has released many such updates, including three major ones: November Update, Anniversary Update, and Creators Update.

    Since Microsoft is currently focusing on stability for the Fall Creators Update, those builds don’t include new features. And the builds for the next update, part of the “Skip Ahead” group, are still early, so they don’t either.

    “Because we are just beginning development for RS4, Insiders shouldn’t expect to see a lot of big changes or new features just yet,” Microsoft explained. “Our focus remains getting the Windows 10 Fall Creators Update ready for release!”

    First up, this build can now use sign-in info to apply settings after a restart or update. If you stay on the lock screen for a few seconds before signing in, you will now see your lock screen personalization (Settings => Personalization => Lock screen).

    As for Narrator, you can now select the desired audio channel for speech output (Settings => Ease of Access => Narrator => Sounds you hear). The fact that this wasn’t available before is a little surprising.

    The shell has received DPI, language preference, Action Center, Start, and People improvements. Edge, which received the most improvements (as with yesterday’s build), got fixes related to Facebook, Imgur, uploads, drag and drop, pinning, tab previews, tooltips, videos, and PDFs.

    Gaming improvements were specific to Ghost Recon: Wildlands and Train Simulator 2017. Input improvements were focused on emojis, gestures, handwriting, and odd CPU usage.

    This desktop build also includes the following general bug fixes and improvements:

    • Updated the Run dialog so when you hold Ctrl + Shift then click OK or press Enter, it will run that task or program elevated, just like how it works in Cortana.
    • Fixed an issue where the Windows Defender Security Center app icon was missing in the taskbar when the app was open, as well as in Start’s all apps list. You will also notice that the icon is now un-plated in the taskbar.
    • Fixed the issue where USBhub.sys was causing spontaneous reboots due to bugchecks (GSOD).
    • Fixed an issue where the battery flyout might incorrectly show “PC not charging” while the device was charging in recent builds.
    • Fixed an issue where fonts using shortcuts would become unusable and disappear from the Fonts folder.
    • Fixed an issue where upgrading to recent flights would fail if you had a speech for a secondary language installed.
    • Fixed an issue from recent flights resulting in some Insiders experiencing an issue where Store apps would begin to fail to activate after being launched a few times.
    • Fixed an issue where your PC might not go to sleep automatically after remoting into it and signing out of the remote session.

    Today’s update bumps the Windows 10 build number for PCs from 16353 (made available to testers on August 31) to build 16362. Microsoft no longer tracks or lists known issues, so install at your own risk.


    Android malware in Google Play racked up 4.2M downloads: Are you a victim?

    Malware authors cash in on Android users through SMS fraud and unwanted online subscriptions.


    Even though Google swiftly removed the rogue apps from Play Store, they may still be active on devices. (Image: ZDNet)

    Despite using machine learning to spot bad apps, Google let 50 of them into the Play Store, allowing the rogue programs to rack up 4.2 million downloads between them.


    Google has now removed the apps, which enable fraudsters to make money by secretly sending messages to premium-rate SMS services and subscribing users to paid online services without their knowledge.

    The apps were discovered by researchers at Check Point, who’ve dubbed the malware ExpensiveWall because one of the trojanized apps was called Lovely Wallpaper. The malware is a variant of malware found in a photography app discovered in January by McAfee.

    Once ExpensiveWall-infected apps are installed, they acquire the device’s phone number to subscribe to a range of paid services and carry out SMS fraud. One victim reported being charged €10 ($12) per month, according to a snapshot of reviews for one of the apps.

    Google swiftly removed the apps after being notified by Check Point on Aug. 7. However, a few days later another ExpensiveWall app made it to the store and infected over 5,000 devices, according to Check Point.

    The security company has provided a list of the infected apps on its website and advises users to remove them manually, as they may still be installed even though Google has removed them from the store.

    It’s not clear when the apps became infected with ExpensiveWall, but some of the apps were uploaded to Google Play in 2015. Check Point suspects the apps are infected by a software development kit called ‘gtk,’ which developers embed in apps themselves.

    The most downloaded of the infected apps is called I Love Filter, the malware discovered in January. It was downloaded between one million and five million times.

    Other apps downloaded as much as a million times include X Wallpaper, Horoscope, and X Wallpaper Pro.

    To avoid detection by Google’s anti-malware, ExpensiveWall’s developers used so-called ‘packers’, which encrypt or compress a malicious file to make analysis more difficult. The variant discovered earlier this year was not packed.

    The malicious apps do request Android permissions to access SMS and internet access. If these are granted by the user, the apps will send the fraudsters key details about the device, including the MAC address, IP address, and unique device identifiers.

    To subscribe to premium services and send SMS, the app opens an embedded webpage and runs a script that is capable of clicking on links in pages provided by ExpensiveWall’s controllers.

    According to Google’s 2016 Android security report, SMS fraud apps account for 10 percent of all malicious apps distributed on Google Play and grew 282 percent compared with 2015.

    Toll fraud, or fraudulent purchases charged to mobile phone accounts, made up two percent, but grew 593 percent year over year.

    Google has had to remove dozens of infected apps from the Play Store in recent months including SpyDealer, SonicSpy, and Judy.

    The malicious apps are a good reason to enable Google Play Protect on Android. All devices with Google Play installed have the feature. Users who don’t have it enabled may soon find themselves being prompted by apps they install from Google Play to do so.

    Google yesterday released a new SafetyNet Verify Apps API, which tells a developer whether a device their app is installed on is running Play Protect. It will also tell the developer whether any known malicious apps are currently installed.



    U.S. to ban use of Kaspersky software in federal agencies amid concerns of Russian espionage

    The U.S. government on Wednesday plans to ban the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyberespionage activities, according to U.S. officials.

    Acting Homeland Security Secretary Elaine Duke will order that Kaspersky Lab software be barred from federal government networks while giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.
    The directive comes months after the federal General Services Administration, the agency in charge of government purchasing, removed Kaspersky from its list of approved vendors. In doing so, GSA suggested a vulnerability exists in Kaspersky that could give the Kremlin backdoor access to the systems the company protects.
    In a statement to The Washington Post on Wednesday, the company said: “Kaspersky Lab doesn’t have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against the company. The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it’s being treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts.
    “Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia,” the firm said.
    The directive comes in the wake of an unprecedented Russian operation to interfere in the U.S. presidential election that saw Russian spy services hack into the Democratic National Committee and the networks of other political organizations and release damaging information.
    At least a half-dozen federal agencies run Kaspersky on their networks, the U.S. officials said, although there may be other networks where an agency’s chief information security officer — the official ultimately responsible for systems security — might not be aware it is being used.
    The U.S. intelligence community has long assessed that Kaspersky has ties to the Russian government, according to officials, who spoke on condition of anonymity to discuss internal deliberations. Its founder, Eugene Kaspersky, graduated from a KGB-supported cryptography school and had worked in Russian military intelligence.
    In recent months concern has mounted inside the government about the potential for Kaspersky software to be used to gather information for the Russian secret services, officials said. Richard Ledgett, former National Security Agency Deputy Director, hailed the move. Speaking on the sidelines of the Billington cybersecurity summit in Washington Wednesday, he noted that Kaspersky, like other Russian companies, is “bound to comply with the directive of Russian state security services, by law, to share with them information from their servers.”
    Concerns about Kaspersky software had been brewing for years, according to one former official who told The Post that some congressional staffers were warned by federal law enforcement officials as early as November 2015 not to meet with employees from Kaspersky over concerns of electronic surveillance.
    When GSA announced its July decision, it underscored its mission was to “ensure the integrity and security of U.S. government systems and networks” and that Kaspersky was delisted “after review and careful consideration.” The action removed the company from the list of products approved for purchase on federal systems and at discounted prices for state governments.
    The directive will also put pressure on state and local governments that use Kaspersky’s products. Many had been left to speculate about the risks of sticking with the company or abandoning taxpayer-funded contracts, sometimes at great cost. In July, The Post found several state or local agencies that used Kaspersky’s antivirus or security software had purchased or supported the software within the last two years.


    How to Save Money With Microsoft Edge and Cortana

    Cortana can team up with Microsoft’s Edge browser to offer money-saving coupons at popular online retailers and serve up details on different restaurants.

    How Microsoft Cortana Can Save You Money

    The Cortana voice assistant in Windows 10 lets you ask questions, issue commands, and perform tasks with the tap of a finger or sound of your voice.

    But Cortana has another trick up its sleeve, one designed to save you money. When you use the Microsoft Edge browser in Windows 10 to check out restaurants or shop online, Cortana can jump in to provide information and even money-saving offers.

    Browse to certain retail web pages, and Cortana displays a message offering coupons to get you hot deals on various products. Cortana can tap into coupons from Best Buy, Macy’s, Home Depot, Target, and a host of other online merchants. Browse to certain restaurant web pages, and Cortana displays contact information as well as reviews from Yelp, so you’ll know if dining at a certain restaurant is worth your hard-earned cash.

    To get the best results, you’ll want to enable Cortana’s help in Microsoft Edge. Open Edge, click on the More icon on the top right, and click Settings. Scroll down and click on the button to “View advanced settings.” Scroll down to the Privacy and services section, and turn on the switch to “Have Cortana assist me in Microsoft Edge,” if it’s not already enabled.

    Let’s try to hunt down some money-saving coupons at various retailers, beginning with Best Buy’s website. At the right side of the URL field, Cortana asks “Can I interest you in a coupon?”

    Click on that question, and a sidebar pops up with some money-saving deals.

    Click on one of the links to “Read fine print” for a specific deal. A Cortana page pops up with all the details on the deal, including which product or products are included, how much you can save, and whether the offer is good online and/or in-store.

    Here’s another money-saving offer from Sears. At the right side of the URL field, Cortana asks “Can I interest you in a coupon?”

    Click on that question, and the sidebar pops up with current deals.

    Click on one of the links to “Read more.” Another Cortana page appears with details on the offer.

    Now let’s see if that restaurant is worth your time and money. Using Edge, browse to a restaurant website; we’ll use the website for Sardi’s, the famous New York City restaurant where theater folk gather to nosh and schmooze, as an example. At the right area of the address field, Edge makes its presence known with an orange circle and a line that reads: “I’ve got directions, hours, and more.”

    Click on that line, and Edge opens a sidebar on the right with lots of details on the restaurant, including its address, location, phone number, and hours, as well as links to call, get directions, and look at the menu.

    Scroll down the sidebar, and you’ll see reviews of the restaurant courtesy of Yelp, followed by photos of the establishment. Reading the various reviews can help you decide if you’d like to give the restaurant a shot.

    You can try your luck at a variety of retail outlets and restaurants. Many don’t support the Cortana integration, but a lot do. So you should find some sites that cough up the cash-saving offers and detailed reviews and other information.


    Microsoft to unveil new Surface gear on October 31st

    It could include a new Surface Book, a Surface Pro LTE and more.


    Microsoft might not be done introducing new Surface hardware this year just because the Surface Laptop and Surface Pro are on store shelves. The company has confirmed that devices executive Panos Panay will be presenting at the company’s two-day Future Decoded event (starting October 31st — yes, Halloween), hinting that he’ll introduce new hardware. A source speaking to The Verge supports this with word that there will be “at least one” new piece of hardware at the event, so it seems like Microsoft’s habit of introducing new Surface machines in October will remain intact. As it stands, there are a few systems that could stand to get upgrades.

    The most obvious candidate is the Surface Book. Microsoft introduced the current base model back in 2015, and the 2016 refresh ultimately amounted to a high-spec option rather than a true replacement. Provided the Surface Book line carries forward, it’s due for new processors (8th-generation Core seems likely), new graphics and other tweaks that you’d expect after two years.

    There are other possibilities. That promised LTE Surface Pro has yet to materialize, and the Surface Studio all-in-one is nearly a year old (with graphics that were outdated when the system was new, we’d add). The Surface Hub is long in the tooth, and there’s always the chance that Microsoft will unveil a new form factor just to keep people on their toes. In short: while there are a few front runners for hardware updates, it’s hard to completely rule out surprises.
