Ccleaner compromised - check what version you're using!

Posted: 2017-09-18, 23:47
by ron_1
If you use CCleaner, check what version you're running. Versions CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 have been compromised. According to Piriform, only the 32-bit versions of the applications were compromised and distributed using the company's own infrastructure. The compromised versions were up for almost a whole month.

https://www.ghacks.net/2017/09/18/ccleaner-compromised-better-check-your-pc/

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-19, 00:52
by RJARRRPCGP
Looks like we may have to ban a CA! (Possibly ban Symantec as the CA)

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-19, 01:20
by lyceus
Crap I have installed that version! :sick: :evil:

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-19, 13:53
by rabnbeinn
I'm ok, still running version v5.11.5408(64bit)

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-19, 14:13
by Tomaso
So, CCleaner changed from spyware to malware.
A small step.
How this software has gotten such a good reputation in the first place is beyond me.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-19, 14:28
by satrow
Tomaso wrote:So, CCleaner changed from spyware to malware.
No. One of their servers was compromised.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-19, 14:31
by Tomaso
satrow wrote:No. One of their servers was compromised.
I know.
Just saying.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-19, 15:29
by satrow
If you can get past your rather obvious bias, you might want to read Avast's latest comment on this subject; you might then find yourself in a position to make a more helpful, useful or accurate comment.

Here's a taster:
... as soon as we became aware of this issue, we engaged and solved it. Within approximately 72 hours of discovery, the issue was resolved by Avast with no known harm to our Piriform customers. The purpose of this article is to clarify what actually happened, correct some misleading information that is currently circulating, recap what actions Avast took, and outline next steps.

Avast acquired Piriform, the maker of CCleaner, on July 18, 2017 because Piriform has a great product, and wonderful supporters and users. And we stand by that today. What we didn’t know was that before we completed the acquisition, the bad actors were likely already in the process of hacking into the Piriform systems. The compromise may have started on July 3rd. The server was provisioned earlier in 2017 and the SSL certificate for the respective https communication had a timestamp of July 3, 2017. We strongly suspect that Piriform was being targeted while they were operating as a standalone company, prior to the Avast acquisition.

The compromised version of CCleaner was released on August 15 and went undetected by any security company for four weeks, underscoring the sophistication of the attack.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-19, 15:48
by Tomaso
All I'm saying is that the damn thing is spyware, and it has been spyware for years!
The last time I installed CCleaner, both the normal desktop installer and the slim version tried to connect to the internet.
The program executables tried to connect to the internet regardless of the update check setting too.
I can only imagine that the cloud version behaves even worse.

As for the functionality of the program itself, CCleaner gives the users way too little control as to what's actually being done to their systems, IMO.
At the very least, people should be able to configure which files to be cleaned by extension types, and to make use of the recycle bin for restore purposes.

When it comes to system cleaners, my two cents goes to Ace Utilities (shareware):
http://www.acelogix.com/aceutils.html

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-19, 16:27
by satrow
Okay, don't read it. Your description is completely at odds with what I see and have tested; any further ranting/discussion along those lines really should be done elsewhere, as you appear to have zero interest in the topic under discussion here.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-20, 19:24
by dark_moon
As I've said a lot of times: just don't use this tool. You don't need it.
Windows has cleaning tools, Pale Moon too.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-20, 23:05
by John connor
I've been using version 4.xx for a long time. I just don't see a need to update, really. It will all do the same thing: basic cleaning of your Temp files and crap. But I also use System Ninja and it will nab Temp files you never thought possible! Go ahead and check it out. You may be very surprised.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-20, 23:06
by John connor
Tomaso wrote:All I'm saying is that the damn thing is spyware, and it has been spyware for years!
The last time I installed CCleaner, both the normal desktop installer and the slim version tried to connect to the internet.
The program executables tried to connect to the internet regardless of the update check setting too.
I can only imagine that the cloud version behaves even worse.

As for the functionality of the program itself, CCleaner gives the users way too little control as to what's actually being done to their systems, IMO.
At the very least, people should be able to configure which files to be cleaned by extension types, and to make use of the recycle bin for restore purposes.

When it comes to system cleaners, my two cents goes to Ace Utilities (shareware):
http://www.acelogix.com/aceutils.html

Go to oldversion.com or oldapp.com and grab a version in the 4 area. Also look in the options for anything relating to Internet connectivity.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-21, 05:48
by van p
John connor wrote:But I also use System Ninja and it will nab Temp files you never thought possible! Go ahead and check it out. You may be very surprised.
This may be off-topic, but--

1. Researching System Ninja, one reviewer (2 years ago) called it malware, saying, "I don't care if Opencandy is supposedly not permanent. It's there to track what users do for advertising purposes. It's malware." Know anything about this?

2. Other comments said it does essentially what Windows does, cleaning-wise. Is it your opinion that it does meaningfully more than CCleaner and Windows? If so, is there any point in having CCleaner?

Thanks.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-21, 08:02
by dark_moon
Second round: https://www.ghacks.net/2017/09/21/cclea ... iscovered/ (CCleaner Malware second payload discovered)

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-21, 15:30
by John connor
van p wrote:
John connor wrote:But I also use System Ninja and it will nab Temp files you never thought possible! Go ahead and check it out. You may be very surprised.
This may be off-topic, but--

1. Researching System Ninja, one reviewer (2 years ago) called it malware, saying, "I don't care if Opencandy is supposedly not permanent. It's there to track what users do for advertising purposes. It's malware." Know anything about this?

2. Other comments said it does essentially what Windows does, cleaning-wise. Is it your opinion that it does meaningfully more than CCleaner and Windows? If so, is there any point in having CCleaner?

Thanks.
Well, as a user of System Ninja for about 2 years now I have never seen any Opencandy at all. I guess I could run my network sniffer and see if it's calling back home with stuff, but I have a feeling all I will find are requests to see if there is a new version. I do however always choose the custom install option whenever I install things just in case something sneaky is there that I can decline. It's like that with CCleaner. I believe it packs Chrome or something with it unless you click custom install and opt out. Come to think of it, I think what it was is an option to set your homepage to Bing. Can't remember now as it's been years since I had to install CCleaner. But I know it's there.

As far as if it's better than Windows clean up, I have my doubts. If Windows can delete over a Gig of crap then perhaps it's on par with System Ninja. But I have a feeling System Ninja is better. I should compare the two. I'll write back with my findings using the default Windows clean up.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-21, 15:35
by ron_1
Off-topic:
I've been using Wise Care 365 on my wife's computer and our son's for a while now. It's way better than CCleaner.
I'm glad I don't have to worry about any of this for my computer (I'm running Linux on it).

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-21, 15:40
by John connor
Okay, here's a screenshot. You'll notice that Disk Cleanup doesn't show any Temp files at all, while System Ninja shows over 50 MB worth of Temp files. So I guess by comparing the two, once I run Disk Cleanup to get rid of upgrade log files and service pack backup files, subsequent runs of Disk Cleanup won't find anything else.


Image

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-22, 03:42
by lyceus
FYI, I cleaned the infection using Immunet and ADWcleaner. As I installed it but did not use it, the payload was low; the worry on my mind is how the hackers could place the hacked versions on the real server. :think:

Anyway, this trouble is not part of Avast or CCleaner quality. On Slashdot several people didn't care/know what this program is for, just came there and bashed the companies. I think we don't need to copy that behavior here.

Re: Ccleaner compromised - check what version you're using!

Posted: 2017-09-22, 04:49
by John connor
The executable should have had a hash to compare with, but most users wouldn't know the first thing on how to use that. I think what it comes down to is lack of watching your server access logs and enforcing good security. For me personally I use layers. Some small and trivial and others big like a WAF. Everything helps. Granted you can have the best security and still have flaws. I have read that you want to patch all server faults no matter how small. Because this is what the NSA bets on and they will pry it open. So with that knowledge it would be prudent to keep up with any and all patches.