First I knew about it was when my AV told me I was infected with Backdoor:Win32/Floxif.gen!A
Piriform doesn't appear to be very pro-active about the breach and you have to dig quite deep into their site to find information. Whilst they have pushed out automatic updates for users who pay, those with the free version appear to have received no notification.
It seems to have been played down because only 20-70 (depending upon which report you read) got targeted for the main payload. I feel distinctly uncomfortable about the number of machines sat out there with a backdoor on the system.
Whilst the trojan only ran on Win 32 bit systems, registry values were also amended on 64 bit systems.
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo
The values in question are:
MUID, TCID and NID
Thinking about it this could account for the wildly varying figures - I'm only guessing but based on info:
If >20 million infected copies were downloaded, but it only ran on 32 bit systems, that is perhaps why the >2 million figure.
For the systems it ran on, it gathered the following info:
Computer name
A list of installed software, including Windows updates
A list of the currently running processes
The MAC addresses of the first three network adapters
Other system information that is relevant for the malware like admin privileges, whether it is a 64-bit system, etc.
There are also some more technical details at Malwarebytes.
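A read-only check for the registry values named in the post, as an added example that is not part of the original post. It looks in both the 32 bit and 64 bit registry views; the function name Get-AgomoValues is hypothetical, and PowerShell 3.0 or later with .NET 4 is assumed.

```powershell
# Added example: report whether MUID, TCID or NID exist under the key from the post.
# Read-only: nothing is modified or deleted.
$subKey = 'SOFTWARE\Piriform\Agomo'
$names  = 'MUID', 'TCID', 'NID'

function Get-AgomoValues {   # hypothetical helper name
    param([Microsoft.Win32.RegistryView]$View)

    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($subKey)   # read-only open; $null when the key is absent
        if ($null -eq $key) { return }
        try {
            foreach ($name in $names) {
                $value = $key.GetValue($name, $null)
                if ($null -ne $value) {
                    [pscustomobject]@{
                        View  = $View
                        Key   = "HKLM\$subKey"
                        Name  = $name
                        Kind  = $key.GetValueKind($name)
                        Value = $value
                    }
                }
            }
        } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

# A 64 bit OS has two views of HKLM\SOFTWARE; check both so neither is missed.
$views = @([Microsoft.Win32.RegistryView]::Registry32)
if ([Environment]::Is64BitOperatingSystem) {
    $views += [Microsoft.Win32.RegistryView]::Registry64
}

$hits = @(foreach ($v in $views) { Get-AgomoValues -View $v })

if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
    Write-Warning "Values named in the post are present under HKLM\$subKey"
} else {
    Write-Output "None of MUID, TCID, NID found under HKLM\$subKey"
}
```

Reading HKLM needs no elevation on a default Windows install, so this can be run from a standard user session or pushed out through existing endpoint management tooling.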