CCleanup: A Vast Number of Machines at Risk


Jeff P
09-18-2017, 10:23 AM
CCleanup: A Vast Number of Machines at Risk:
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

> For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.

and:

> On September 13, 2017 while conducting customer beta testing of our new exploit detection technology, Cisco Talos identified a specific executable which was triggering our advanced malware protection systems. Upon closer inspection, the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers. Talos began initial analysis to determine what was causing this technology to flag CCleaner. We identified that even though the downloaded installation executable was signed using a valid digital signature issued to Piriform, CCleaner was not the only application that came with the download. During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner's download server as recently as September 11, 2017.



-jp

.

_______
09-18-2017, 10:45 AM
Very useful!

I run the free version. It doesn't appear the compromised version ever loaded onto my home machine. It doesn't seem that individuals would have been the target. This was aimed at enterprise.

Nonetheless, if you have a version that auto updates you were compromised.

AltonKelsey
09-18-2017, 01:55 PM
Had an old version installed which I just nuked

Clocker
09-18-2017, 02:11 PM
> Nonetheless, if you have a version that auto updates you were compromised.

As I read that article, which is tough because I don't speak geek, it says that the free version does not auto update.

Question for those more computer literate on such matters. I have version 5.24 and the CC web site says version 5.34 is available. It sounds like my current version should be clean, and that it is OK to go ahead and download 5.34, right?

_______
09-18-2017, 02:26 PM
> As I read that article, which is tough because I don't speak geek, it says that the free version does not auto update.
>
> Question for those more computer literate on such matters. I have version 5.24 and the CC web site says version 5.34 is available. It sounds like my current version should be clean, and that it is OK to go ahead and download 5.34, right?

I believe you have this correct.

Jeff P
09-18-2017, 02:50 PM
Clocker, I also think you would be OK to download v 5.34.

From the article on Cisco's Talos Intelligence Group blog:
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

> It is also important to note that while previous versions of the CCleaner installer are currently still available on the download server, the version containing the malicious payloads has been removed and is no longer available.




-jp

.

Marshall Bennett
09-18-2017, 03:40 PM
> As I read that article, which is tough because I don't speak geek, it says that the free version does not auto update.
>
> Question for those more computer literate on such matters. I have version 5.24 and the CC web site says version 5.34 is available. It sounds like my current version should be clean, and that it is OK to go ahead and download 5.34, right?

I downloaded version 5.34 a few days ago and works well. I use it almost daily.

AltonKelsey
09-18-2017, 04:05 PM
> I downloaded version 5.34 a few days ago and works well. I use it almost daily.

Why would you use that daily? I nearly NEVER use these things. Maybe I'm missing some great experience.

Clocker
09-18-2017, 04:29 PM
I just checked the CCleaner web site and the free version of the update (Version 5.34) is available. They are also offering the professional version for $19.95. Anyone use the Pro version, and is it worth getting? Thanks.

http://www.piriform.com/ccleaner/download?upgrade

_______
09-18-2017, 05:58 PM
> Why would you use that daily? I nearly NEVER use these things. Maybe I'm missing some great experience.

I use it when I get an alert that I haven't used it lately and it can save me "X" amount of storage. I'm also confused by why anyone would use it daily.

_______
09-18-2017, 06:07 PM
> I just checked the CCleaner web site and the free version of the update (Version 5.34) is available. They are also offering the professional version for $19.95. Anyone use the Pro version, and is it worth getting? Thanks.
>
> http://www.piriform.com/ccleaner/download?upgrade

One of the "benefits" of the pro version is automatic updates. The absence of which saved all us cheapskates the trouble of restoring settings to an earlier uncontaminated date.

I'm sure this can be turned off (I don't let my anti-virus auto update) but if you aren't an enterprise I'd be confident saying you don't need the pro version.

Tom
09-18-2017, 09:41 PM
I'm still using 4.09 Free version.
It does the job, so I have never bothered to update it.
If it ain't broke.....

Zaf
09-18-2017, 10:08 PM
Yup I have 5.19 works great, I'll stick with this one.

Z

Marshall Bennett
09-19-2017, 05:27 AM
> Why would you use that daily? I nearly NEVER use these things. Maybe I'm missing some great experience.

It checks to see all of your storage and where it is. Takes 10 seconds. Also I clean registry (10 seconds) and clean cache on Firefox and Chrome (perhaps 30 seconds). I don't run the cleaner on anything but what I've mentioned.
My computer is older. I suppose if you have a massive amount of storage it makes little difference.

Ocala Mike
09-19-2017, 09:47 AM
I'm running v5.13.5460. Am I ok?

AltonKelsey
09-19-2017, 01:14 PM
> It checks to see all of your storage and where it is. Takes 10 seconds. Also I clean registry (10 seconds) and clean cache on Firefox and Chrome (perhaps 30 seconds). I don't run the cleaner on anything but what I've mentioned.
> My computer is older. I suppose if you have a massive amount of storage it makes little difference.

Just so you know, the caches on browsers are self-cleaning, and the registry rarely if ever needs to be touched, no less daily.

Mostly just hype by cleaner companies.

In case you think I don't know, 40 years of computing qualifies me to say.

Marshall Bennett
09-19-2017, 03:54 PM
> Just so you know, the caches on browsers are self-cleaning, and the registry rarely if ever needs to be touched, no less daily.
>
> Mostly just hype by cleaner companies.
>
> In case you think I don't know, 40 years of computing qualifies me to say.

Well sometimes Firefox does that, other times it doesn't. Chrome seldom self cleans cache. I've posed this question on computer geek sites. Some say if you don't wait a few minutes after closing browser it doesn't clean. So more often than not I don't want to wait a few minutes.
As for the registry, at least half the time there is 1 or more error.
It's just a few minutes out of my day so thanks, but I'm happy with it. :)

Red Knave
09-19-2017, 04:20 PM
> Just so you know, the caches on browsers are self-cleaning

I know that you mean the size of the cache is maintained at a default maximum but that still means that there could be lots of crud in there. My Firefox cache is set at 350MB (not sure if that's the default now or not).
It also means that when it does fill up the browser needs to spend background time doing maintenance getting rid of older stuff, saving newer stuff, re-organizing data so it can be found quicker etc. which means browsing can slow down.
I still clear cache once or twice a year.

Tom
09-19-2017, 08:26 PM
Twice a week for me.