Hello, welcome to the Tuesday, September 19th, 2017 edition of the Sandton and Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Yet again, we do have a case where security software was used to compromise users.

This time, Evast and its popular C-Cleaner product

are to blame version 5.33 and the cloud version 1.07.391 were replaced with a malicious

version that included the Natia Warm according to Cisco's

Talas research team.

The news broke early on Monday and it is a bit difficult to estimate the total number of systems

affected by this but Sea Cleaner is extremely popular and has been downloaded a total

of 2 billion times.

They're saying they're seeing about 5 million downloads per week.

Now, C-Cleaner isn't an Anheimer product, but instead, as the name implies, does assist

the user in routine cleanup tasks and the removal

of some unwanted software. But it's really more about bloatware and such, not so much about

matter. The affected version 533 was released on August 15th and replaced with an update 534, which was the non-infected update on September 12th.

It's not really clear when exactly the malicious version was placed on the server.

The malicious version was signed with a valid semantic issued

certificate. The certificate was issued to Periform, a company that was recently acquired by Avast.

Periform originally developed C-cleaner, so this was a reasonable certificate to expect for a signature

for sea cleaner. Currently, at least two different malicious samples were discovered, which

were created within minutes of each other. As Talisman points out, this issue may indicate a larger compromise of Avast, or at least

...