Backdoor in PC Cleaner App Thwarted

The Network: A technology provider with an on-site IT team. Netsurion’s co-managed security solution, EventTracker, augments this team.

The Expectation: Robust and up-to-date (Anti-Virus, Next-Gen Firewall) prevention mechanisms thwart most common attacks, but since perfect protection is not practical, monitoring is also necessary. Users are educated and will make sensible decisions.

The Catch: Netsurion’s SOC analysts detected that a freeware program CCleaner was running on a desktop of a user in the Sales Processing department. This program is billed as “the world’s most popular PC cleaner”. A freeware program, it ostensibly cleans up cookies and junk program so that your PC can run faster. The problem? This program has been compromised with millions of users falling victim.

The Find: On publication of this threat advisory, Netsurion’s SOC analysts began monitoring customers environments for any instance of CCleaner executables and noticed it on this desktop.

The Fix: The cybersecurity analyst immediately notified the customer IT team who quickly removed this “unauthorized” program from the user’s desktop. The user was provided a refresher on downloading “free” programs. User permissions were reviewed and adjusted to “least privilege”.

The Lesson: Threats are lurking everywhere. 24/7/365 SOC monitoring and detection is needed against both commodity and advanced threats.