CCleaner compromised – What you should know

Multiple news outlets reported this morning that the widely used CCleaner performance optimization utility was compromised by hackers earlier this month. Specifically, a Trojan had been piggybacked onto the latest release (5.33.6162). NetWatch uses this utility widely on our managed desktops. Here are a few things to know:

(1) Most of our clients’ systems were never upgraded to the affected versions. We usually withhold noncritical upgrades for a while to make sure they’re safe. That strategy paid off this time! Those that were upgraded have since been upgraded again to the “safe” version, 5.34. To check your version, you can open the app and choose Help/About from the main menu. If you have the vulnerable version, simply put in a help desk ticket and we’ll get you taken care of.

(2) For managed client machines that have the vulnerable version: The desktop AV/firewall software and the perimeter firewall both have updated signatures against the specific malware contained in the software, so these sites and all machines are protected. Also, the central servers used by the malware are blocked by your DNS proxy software, so even an infection that hypothetically managed to bypass the desktop and perimeter protections would still not be able to report stolen info back to the hackers.

It is through this type of redundant, multi-tier security architecture that we are able to provide the best possible level of protection for our clients.

DC
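
For administrators checking many machines rather than one Help/About dialog at a time, the version check from item (1) can be run over a software inventory export. This is an added example, not NetWatch's own tooling; the CSV column names, host names and the "review" and "unknown" categories are assumptions, and the sample inventory is constructed.

```python
import csv
import io
import re

AFFECTED = (5, 33, 6162)  # compromised release named in the notice
FIXED_FROM = (5, 34)      # "safe" version named in the notice

# Constructed sample export; a real one would come from your inventory tool.
SAMPLE_INVENTORY = """\
host,ccleaner_version
desk-01,5.33.6162
desk-02,5.34
desk-03,5.30
desk-04,
desk-05,v5.33.6162
desk-06,5.33
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)+)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(version_text):
    v = parse_version(version_text)
    if v is None:
        return "unknown"       # blank or malformed: check Help/About by hand
    if v == AFFECTED:
        return "affected"      # open a help desk ticket
    if v[:2] == AFFECTED[:2]:
        return "review"        # 5.33 but build missing or different
    if v[:2] >= FIXED_FROM:
        return "fixed"
    return "not-upgraded"      # older release, never received 5.33

def triage(inventory_csv):
    """Group host names by status for a CSV with host,ccleaner_version columns."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["ccleaner_version"] or "")
        result.setdefault(status, []).append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts in the "review" and "unknown" groups are the ones to confirm manually, since the inventory did not record enough to tell whether they match the compromised build.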