Ccleaner compromised - check what version you're using!

General discussion area and chat

Moderator: satrow

Forum rules
This General Discussions forum is an open chat area, so you can talk about almost any subject. Please keep things civil, though!

Please do try to somewhat stick to the relevance of this forum, which focuses on everything around the Pale Moon project and its user community. "Totally random" subjects don't really belong here, even in the general discussion area.
User avatar
helloimustbegoing
Board Warrior
Board Warrior
Posts: 1890
Joined: Thu, 28 Jun 2012, 01:20

Ccleaner compromised - check what version you're using!

Unread postby helloimustbegoing » Mon, 18 Sep 2017, 23:47

If you use CCleaner, check what version you're running. Versions CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 have been compromised. According to Piriform, only the 32-bit versions of the applications were compromised and distributed using the company's own infrastructure. The compromised versions were up for almost a whole month.

https://www.ghacks.net/2017/09/18/ccleaner-compromised-better-check-your-pc/

RJARRRPCGP
Fanatic
Fanatic
Posts: 188
Joined: Mon, 22 Jun 2015, 19:48
Location: USA (North Springfield, Vermont)

Re: Ccleaner compromised - check what version you're using!

Unread postby RJARRRPCGP » Tue, 19 Sep 2017, 00:52

Looks like we may have to ban a CA! (Possibly ban Symantec as the CA)

lyceus
Moon Magic practitioner
Moon Magic practitioner
Posts: 2210
Joined: Tue, 13 Sep 2011, 23:08

Re: Ccleaner compromised - check what version you're using!

Unread postby lyceus » Tue, 19 Sep 2017, 01:20

Crap I have installed that version! :sick: :evil:

User avatar
rabnbeinn
Lunatic
Lunatic
Posts: 316
Joined: Fri, 18 Nov 2011, 20:38
Location: Scotland

Re: Ccleaner compromised - check what version you're using!

Unread postby rabnbeinn » Tue, 19 Sep 2017, 13:53

I'm ok, still running version v5.11.5408(64bit)

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1016
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

Re: Ccleaner compromised - check what version you're using!

Unread postby Tomaso » Tue, 19 Sep 2017, 14:13

So, CCleaner changed from spyware to malware.
A small step.
How this software has gotten such a good reputation in the first place is beyond me.

User avatar
satrow
Forum staff
Forum staff
Posts: 1695
Joined: Thu, 08 Sep 2011, 11:27

Re: Ccleaner compromised - check what version you're using!

Unread postby satrow » Tue, 19 Sep 2017, 14:28

Tomaso wrote:So, CCleaner changed from spyware to malware.


No. One of their servers was compromised.

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1016
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

Re: Ccleaner compromised - check what version you're using!

Unread postby Tomaso » Tue, 19 Sep 2017, 14:31

satrow wrote:No. One of their servers was compromised.

I know.
Just saying.

User avatar
satrow
Forum staff
Forum staff
Posts: 1695
Joined: Thu, 08 Sep 2011, 11:27

Re: Ccleaner compromised - check what version you're using!

Unread postby satrow » Tue, 19 Sep 2017, 15:29

If you can get past your rather obvious bias, you might want to read Avast's latest comment on this subject, you might then find yourself in a position to make a more helpful, useful or accurate comment.

Here's a taster:

... as soon as we became aware of this issue, we engaged and solved it. Within approximately 72 hours of discovery, the issue was resolved by Avast with no known harm to our Piriform customers. The purpose of this article is to clarify what actually happened, correct some misleading information that is currently circulating, recap what actions Avast took, and outline next steps.

Avast acquired Piriform, the maker of CCleaner, on July 18, 2017 because Piriform has a great product, and wonderful supporters and users. And we stand by that today. What we didn’t know was that before we completed the acquisition, the bad actors were likely already in the process of hacking into the Piriform systems. The compromise may have started on July 3rd. The server was provisioned earlier in 2017 and the SSL certificate for the respective https communication had a timestamp of July 3, 2017. We strongly suspect that Piriform was being targeted while they were operating as a standalone company, prior to the Avast acquisition.

The compromised version of CCleaner was released on August 15 and went undetected by any security company for four weeks, underscoring the sophistication of the attack.

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1016
Joined: Thu, 23 Jul 2015, 16:09
Location: Norway

Re: Ccleaner compromised - check what version you're using!

Unread postby Tomaso » Tue, 19 Sep 2017, 15:48

All I'm saying is that the damn thing is spyware, and it has been spyware for years!
The last time I installed CCleaner, both the normal desktop installer and the slim version tried to connect to the internet.
The program executables tried to connect to the internet regardless of the update check setting too.
I can only imagine that the cloud version behaves even worse.

As for the functionality of the program itself, CCleaner gives the users way too little control as to what's actually being done to their systems, IMO.
At the very least, people should be able to configure which files to be cleaned by extension types, and to make use of the recycle bin for restore purposes.

When it comes to system cleaners, my two cents goes to Ace Utilities (shareware):
http://www.acelogix.com/aceutils.html

User avatar
satrow
Forum staff
Forum staff
Posts: 1695
Joined: Thu, 08 Sep 2011, 11:27

Re: Ccleaner compromised - check what version you're using!

Unread postby satrow » Tue, 19 Sep 2017, 16:27

Okay, don't read it. Your description is completely at odds with what I see and have tested, any further ranting/discussion along those lines really should be done elsewhere, as you appear to have zero interest in the topic under discussion here.

dark_moon

Re: Ccleaner compromised - check what version you're using!

Unread postby dark_moon » Wed, 20 Sep 2017, 19:24

As i say it a lot times: Just dont use this tool. You dont need it.
Windows have cleaning tools, Pale Moon too

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Ccleaner compromised - check what version you're using!

Unread postby John connor » Wed, 20 Sep 2017, 23:05

I've been using version 4.xx for a long time. I just don't see a need to update, really. It will all do the same thing: basic cleaning of your Temp files and crap. But I also use System Ninja and it will nab Temp files you never thought possible! Go ahead and check it out. You may be very surprised.
Last edited by John connor on Wed, 20 Sep 2017, 23:07, edited 1 time in total.

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Ccleaner compromised - check what version you're using!

Unread postby John connor » Wed, 20 Sep 2017, 23:06

Tomaso wrote:All I'm saying is that the damn thing is spyware, and it has been spyware for years!
The last time I installed CCleaner, both the normal desktop installer and the slim version tried to connect to the internet.
The program executables tried to connect to the internet regardless of the update check setting too.
I can only imagine that the cloud version behaves even worse.

As for the functionality of the program itself, CCleaner gives the users way too little control as to what's actually being done to their systems, IMO.
At the very least, people should be able to configure which files to be cleaned by extension types, and to make use of the recycle bin for restore purposes.

When it comes to system cleaners, my two cents goes to Ace Utilities (shareware):
http://www.acelogix.com/aceutils.html



Go to oldversion.com or oldapp.com and grab a version in the 4 area. Also look in the options for anything relating to Internet connectivity.

van p
Fanatic
Fanatic
Posts: 212
Joined: Thu, 19 Nov 2015, 07:15
Location: Cincinnati, OH, U.S.A.

Re: Ccleaner compromised - check what version you're using!

Unread postby van p » Thu, 21 Sep 2017, 05:48

John connor wrote:But I also use System Ninja and it will nab Temp files you never thought possible! Go ahead and check it out. You may be very surprised.

This may be off-topic, but--

1. Researching System Ninja, one reviewer (2 years ago) called it malware, saying, "I don't care if Opencandy is supposedly not permanent. It's there to track what users do for advertising purposes. It's malware." Know anything about this?

2. Other comments said it does essentially what Windows does, cleaning-wise. Is it your opinion that it does meaningfully more than CCleaner and Windows? If so, is there any point in having CCleaner?

Thanks.
Windows 10 Pro x64 v1803 8GB i5-4570 | Pale Moon v27.9.4 x64

dark_moon

Re: Ccleaner compromised - check what version you're using!

Unread postby dark_moon » Thu, 21 Sep 2017, 08:02

Second round: https://www.ghacks.net/2017/09/21/cclea ... iscovered/ (CCleaner Malware second payload discovered)

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Ccleaner compromised - check what version you're using!

Unread postby John connor » Thu, 21 Sep 2017, 15:30

van p wrote:
John connor wrote:But I also use System Ninja and it will nab Temp files you never thought possible! Go ahead and check it out. You may be very surprised.

This may be off-topic, but--

1. Researching System Ninja, one reviewer (2 years ago) called it malware, saying, "I don't care if Opencandy is supposedly not permanent. It's there to track what users do for advertising purposes. It's malware." Know anything about this?

2. Other comments said it does essentially what Windows does, cleaning-wise. Is it your opinion that it does meaningfully more than CCleaner and Windows? If so, is there any point in having CCleaner?

Thanks.


Well, as a user of System Ninja for about 2 years now I have never seen any opencandy at all. I guess I could run my network sniffer and see if it's calling back home with stuff, but I have a felling all I will find are requests to see if there is a new version. I do however always chose the custom install option when ever I install things just in case something sneaky is there that I can decline. It''s like that with Ccleaner. I believe it packs Chrome or something with it unless you click custom install and opt out. Come to think of it, I think what it was is an option to set your homepage to Bing. Can't remember now as it's been years since I had to install Ccleaner. But I know it's there.

As far as if it's better than Windows clean up, I have my doubts. If Windows can delete over a Gig of crap then perhaps it's on par to System Ninja. But I have a felling System Ninja is better. I should compare the two. I'll write back with my findings using the default Windows clean up.

User avatar
helloimustbegoing
Board Warrior
Board Warrior
Posts: 1890
Joined: Thu, 28 Jun 2012, 01:20

Re: Ccleaner compromised - check what version you're using!

Unread postby helloimustbegoing » Thu, 21 Sep 2017, 15:35

Off-topic:
I've been using Wise Care 365 on my wife's computer and our son's for a while now. It's way better than CCleaner.
I'm glad I don't have to worry about any of this for my computer (I'm running Linux on it).

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Ccleaner compromised - check what version you're using!

Unread postby John connor » Thu, 21 Sep 2017, 15:40

Okay, here's a screen shot. You'll notice that Disk Clean up doesn't show any Temp files at all, while System Ninja shows over 50 MB worth of Temp files. So I guess by comparing the two, once I run Disk Cleanup to get rid of upgrade log files and service pack backup files, subsequent runs of Disk Clean up won't find anything else.


Image

lyceus
Moon Magic practitioner
Moon Magic practitioner
Posts: 2210
Joined: Tue, 13 Sep 2011, 23:08

Re: Ccleaner compromised - check what version you're using!

Unread postby lyceus » Fri, 22 Sep 2017, 03:42

FYI, I cleaned the infection using Immunet and ADWcleaner. As I installed it but not used it the payload was low, the worries in my mind are of how the hackers could place the hacked versions in the real server. :think:

Anyway, this trouble is not part of Avast or CClenaer quality. In slashdot several people didn't care/know what is this program for, just came there and based the companies. I think we don't need to copy that behavior here.

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: Wed, 21 Jan 2015, 05:06

Re: Ccleaner compromised - check what version you're using!

Unread postby John connor » Fri, 22 Sep 2017, 04:49

The executable should have had a hash to compare with, but most users wouldn't know the first thing on how to use that. I think what it comes down to is lack of watching your server access logs and enforcing good security. For me personally I use layers. Some small and trivial and others big like a WAF. Everything helps. Granted you can have the best security and still have flaws. I have read that you want to patch all server faults no matter how small. Because this is what the NSA bets on and they will pry it open. So with that knowledge it would be prudent to keep up with any and all patches.


Return to “General discussion”

Who is online

Users browsing this forum: No registered users and 6 guests