Ccleaner compromised - check what version you're using!

General discussion and chat (archived)

Moderator: satrow

ron_1
Moon Magic practitioner
Moon Magic practitioner
Posts: 2003
Joined: 2012-06-28, 01:20

Ccleaner compromised - check what version you're using!

Unread post by ron_1 » 2017-09-18, 23:47

If you use CCleaner, check what version you're running. Versions CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 have been compromised. According to Piriform, only the 32-bit versions of the applications were compromised and distributed using the company's own infrastructure. The compromised versions were up for almost a whole month.

https://www.ghacks.net/2017/09/18/ccleaner-compromised-better-check-your-pc/

RJARRRPCGP
Fanatic
Fanatic
Posts: 245
Joined: 2015-06-22, 19:48
Location: USA (North Springfield, Vermont)
Contact:

Re: Ccleaner compromised - check what version you're using!

Unread post by RJARRRPCGP » 2017-09-19, 00:52

Looks like we may have to ban a CA! (Possibly ban Symantec as the CA)

lyceus
Moon Magic practitioner
Moon Magic practitioner
Posts: 2210
Joined: 2011-09-13, 23:08

Re: Ccleaner compromised - check what version you're using!

Unread post by lyceus » 2017-09-19, 01:20

Crap I have installed that version! :sick: :evil:

User avatar
rabnbeinn
Lunatic
Lunatic
Posts: 336
Joined: 2011-11-18, 20:38
Location: Scotland

Re: Ccleaner compromised - check what version you're using!

Unread post by rabnbeinn » 2017-09-19, 13:53

I'm ok, still running version v5.11.5408(64bit)

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1249
Joined: 2015-07-23, 16:09
Location: Norway

Re: Ccleaner compromised - check what version you're using!

Unread post by Tomaso » 2017-09-19, 14:13

So, CCleaner changed from spyware to malware.
A small step.
How this software has gotten such a good reputation in the first place is beyond me.

User avatar
satrow
Forum staff
Forum staff
Posts: 1766
Joined: 2011-09-08, 11:27

Re: Ccleaner compromised - check what version you're using!

Unread post by satrow » 2017-09-19, 14:28

Tomaso wrote:So, CCleaner changed from spyware to malware.
No. One of their servers was compromised.

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1249
Joined: 2015-07-23, 16:09
Location: Norway

Re: Ccleaner compromised - check what version you're using!

Unread post by Tomaso » 2017-09-19, 14:31

satrow wrote:No. One of their servers was compromised.
I know.
Just saying.

User avatar
satrow
Forum staff
Forum staff
Posts: 1766
Joined: 2011-09-08, 11:27

Re: Ccleaner compromised - check what version you're using!

Unread post by satrow » 2017-09-19, 15:29

If you can get past your rather obvious bias, you might want to read Avast's latest comment on this subject, you might then find yourself in a position to make a more helpful, useful or accurate comment.

Here's a taster:
... as soon as we became aware of this issue, we engaged and solved it. Within approximately 72 hours of discovery, the issue was resolved by Avast with no known harm to our Piriform customers. The purpose of this article is to clarify what actually happened, correct some misleading information that is currently circulating, recap what actions Avast took, and outline next steps.

Avast acquired Piriform, the maker of CCleaner, on July 18, 2017 because Piriform has a great product, and wonderful supporters and users. And we stand by that today. What we didn’t know was that before we completed the acquisition, the bad actors were likely already in the process of hacking into the Piriform systems. The compromise may have started on July 3rd. The server was provisioned earlier in 2017 and the SSL certificate for the respective https communication had a timestamp of July 3, 2017. We strongly suspect that Piriform was being targeted while they were operating as a standalone company, prior to the Avast acquisition.

The compromised version of CCleaner was released on August 15 and went undetected by any security company for four weeks, underscoring the sophistication of the attack.

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1249
Joined: 2015-07-23, 16:09
Location: Norway

Re: Ccleaner compromised - check what version you're using!

Unread post by Tomaso » 2017-09-19, 15:48

All I'm saying is that the damn thing is spyware, and it has been spyware for years!
The last time I installed CCleaner, both the normal desktop installer and the slim version tried to connect to the internet.
The program executables tried to connect to the internet regardless of the update check setting too.
I can only imagine that the cloud version behaves even worse.

As for the functionality of the program itself, CCleaner gives the users way too little control as to what's actually being done to their systems, IMO.
At the very least, people should be able to configure which files to be cleaned by extension types, and to make use of the recycle bin for restore purposes.

When it comes to system cleaners, my two cents goes to Ace Utilities (shareware):
http://www.acelogix.com/aceutils.html

User avatar
satrow
Forum staff
Forum staff
Posts: 1766
Joined: 2011-09-08, 11:27

Re: Ccleaner compromised - check what version you're using!

Unread post by satrow » 2017-09-19, 16:27

Okay, don't read it. Your description is completely at odds with what I see and have tested, any further ranting/discussion along those lines really should be done elsewhere, as you appear to have zero interest in the topic under discussion here.

dark_moon

Re: Ccleaner compromised - check what version you're using!

Unread post by dark_moon » 2017-09-20, 19:24

As i say it a lot times: Just dont use this tool. You dont need it.
Windows have cleaning tools, Pale Moon too

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: 2015-01-21, 05:06

Re: Ccleaner compromised - check what version you're using!

Unread post by John connor » 2017-09-20, 23:05

I've been using version 4.xx for a long time. I just don't see a need to update, really. It will all do the same thing: basic cleaning of your Temp files and crap. But I also use System Ninja and it will nab Temp files you never thought possible! Go ahead and check it out. You may be very surprised.
Last edited by John connor on 2017-09-20, 23:07, edited 1 time in total.

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: 2015-01-21, 05:06

Re: Ccleaner compromised - check what version you're using!

Unread post by John connor » 2017-09-20, 23:06

Tomaso wrote:All I'm saying is that the damn thing is spyware, and it has been spyware for years!
The last time I installed CCleaner, both the normal desktop installer and the slim version tried to connect to the internet.
The program executables tried to connect to the internet regardless of the update check setting too.
I can only imagine that the cloud version behaves even worse.

As for the functionality of the program itself, CCleaner gives the users way too little control as to what's actually being done to their systems, IMO.
At the very least, people should be able to configure which files to be cleaned by extension types, and to make use of the recycle bin for restore purposes.

When it comes to system cleaners, my two cents goes to Ace Utilities (shareware):
http://www.acelogix.com/aceutils.html

Go to oldversion.com or oldapp.com and grab a version in the 4 area. Also look in the options for anything relating to Internet connectivity.

van p
Lunatic
Lunatic
Posts: 306
Joined: 2015-11-19, 07:15
Location: Cincinnati, OH, U.S.A.

Re: Ccleaner compromised - check what version you're using!

Unread post by van p » 2017-09-21, 05:48

John connor wrote:But I also use System Ninja and it will nab Temp files you never thought possible! Go ahead and check it out. You may be very surprised.
This may be off-topic, but--

1. Researching System Ninja, one reviewer (2 years ago) called it malware, saying, "I don't care if Opencandy is supposedly not permanent. It's there to track what users do for advertising purposes. It's malware." Know anything about this?

2. Other comments said it does essentially what Windows does, cleaning-wise. Is it your opinion that it does meaningfully more than CCleaner and Windows? If so, is there any point in having CCleaner?

Thanks.
Windows 10 Pro x64 v1903 8GB i5-4570 | Pale Moon v28.5.2 x64

dark_moon

Re: Ccleaner compromised - check what version you're using!

Unread post by dark_moon » 2017-09-21, 08:02

Second round: https://www.ghacks.net/2017/09/21/cclea ... iscovered/ (CCleaner Malware second payload discovered)

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: 2015-01-21, 05:06

Re: Ccleaner compromised - check what version you're using!

Unread post by John connor » 2017-09-21, 15:30

van p wrote:
John connor wrote:But I also use System Ninja and it will nab Temp files you never thought possible! Go ahead and check it out. You may be very surprised.
This may be off-topic, but--

1. Researching System Ninja, one reviewer (2 years ago) called it malware, saying, "I don't care if Opencandy is supposedly not permanent. It's there to track what users do for advertising purposes. It's malware." Know anything about this?

2. Other comments said it does essentially what Windows does, cleaning-wise. Is it your opinion that it does meaningfully more than CCleaner and Windows? If so, is there any point in having CCleaner?

Thanks.
Well, as a user of System Ninja for about 2 years now I have never seen any opencandy at all. I guess I could run my network sniffer and see if it's calling back home with stuff, but I have a felling all I will find are requests to see if there is a new version. I do however always chose the custom install option when ever I install things just in case something sneaky is there that I can decline. It''s like that with Ccleaner. I believe it packs Chrome or something with it unless you click custom install and opt out. Come to think of it, I think what it was is an option to set your homepage to Bing. Can't remember now as it's been years since I had to install Ccleaner. But I know it's there.

As far as if it's better than Windows clean up, I have my doubts. If Windows can delete over a Gig of crap then perhaps it's on par to System Ninja. But I have a felling System Ninja is better. I should compare the two. I'll write back with my findings using the default Windows clean up.

ron_1
Moon Magic practitioner
Moon Magic practitioner
Posts: 2003
Joined: 2012-06-28, 01:20

Re: Ccleaner compromised - check what version you're using!

Unread post by ron_1 » 2017-09-21, 15:35

Off-topic:
I've been using Wise Care 365 on my wife's computer and our son's for a while now. It's way better than CCleaner.
I'm glad I don't have to worry about any of this for my computer (I'm running Linux on it).

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: 2015-01-21, 05:06

Re: Ccleaner compromised - check what version you're using!

Unread post by John connor » 2017-09-21, 15:40

Okay, here's a screen shot. You'll notice that Disk Clean up doesn't show any Temp files at all, while System Ninja shows over 50 MB worth of Temp files. So I guess by comparing the two, once I run Disk Cleanup to get rid of upgrade log files and service pack backup files, subsequent runs of Disk Clean up won't find anything else.


Image

lyceus
Moon Magic practitioner
Moon Magic practitioner
Posts: 2210
Joined: 2011-09-13, 23:08

Re: Ccleaner compromised - check what version you're using!

Unread post by lyceus » 2017-09-22, 03:42

FYI, I cleaned the infection using Immunet and ADWcleaner. As I installed it but not used it the payload was low, the worries in my mind are of how the hackers could place the hacked versions in the real server. :think:

Anyway, this trouble is not part of Avast or CClenaer quality. In slashdot several people didn't care/know what is this program for, just came there and based the companies. I think we don't need to copy that behavior here.

User avatar
John connor
Banned user
Banned user
Posts: 553
Joined: 2015-01-21, 05:06

Re: Ccleaner compromised - check what version you're using!

Unread post by John connor » 2017-09-22, 04:49

The executable should have had a hash to compare with, but most users wouldn't know the first thing on how to use that. I think what it comes down to is lack of watching your server access logs and enforcing good security. For me personally I use layers. Some small and trivial and others big like a WAF. Everything helps. Granted you can have the best security and still have flaws. I have read that you want to patch all server faults no matter how small. Because this is what the NSA bets on and they will pry it open. So with that knowledge it would be prudent to keep up with any and all patches.

Locked