Blog from Oct 12, 2017

CCleaner Hacked

Problem

Some CCleaner installers were found to have third-party malware embedded. Though CCleaner fixed their installers quickly, some users downloaded the affected installers and unknowingly installed malware. IT User Support initiated a project to identify these systems and notify users that their computers could be compromised. We requested that the software be removed and that a complete Sophos scan be run to confirm removal of the infected software. We are continuing to monitor systems for potential threats using BigFix.

Solution

IT User Support advised staff to do the following:

  1. Uninstall CCleaner
  2. Run a Sophos scan. If you don’t have Sophos installed, please download it from our software download page (https://software.lbl.gov).

Related news

Please note that, as part of this investigation, we discovered that the free version of CCleaner cannot legally be installed on Laboratory computers. IT User Support will be issuing a BigFix offer to remove this software at the user's convenience. If you don't have BigFix installed on your system, please see our IT Software Download Page at https://software.lbl.gov/.

This project was possible because IT identified affected systems with BigFix. To get BigFix for your computer, please visit software.lbl.gov.