Avast's CCleaner Free Windows Application Infected With Malware (bleepingcomputer.com), 2017-09-18
Reader Tinfoil writes: Cisco Talos announces that malware cleaning app, CCleaner, has been infected with malware for the past month. Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. The company said more than 2.27 million had downloaded the compromised version of CCleaner.
It certainly seemed that way given how they advertised.
It seems that most anti-virus programs slow your machine down more than the malware they purport to protect you from - and they're as damaging to your privacy too.
I'm not at all clear on what value they bring to the table.
Of course I could have easily confused them with some other anti-malware vendor when it comes to their advertising -- many of them seem to be pretty scummy - just skimming the border of drive-by installs, piggybacking on other installs (looking at *you* Adobe) etc.
The notion of something like CCleaner is inherently flawed to begin with. If your system is compromised in any way, the only sane response is to wipe the disk(s), reinstall from known-good media and restore your data from a proper backup (you do keep those, right?). If anything else looks like a good idea, then either your OS has shit security or you are failing to use the security it provides.
It's not really surprising that an inherently problematic concept ("just remove it!") attracts other problems. I
IT IS NOT ANTI-MALWARE, IT IS A DUPE FILE REMOVER, CACHE FILE CLEANER, UTILITY TOOL FOR REMOVING STUBBORN UNINSTALLERS THAT BROKE, ETC.
You fucking idiots want to keep saying it's AV because you don't seem to know a god damn thing about it lol. "Oh it's a terrible security model" - On Windows? MORON.
WHINY PETULANT SLASHDOT BITCHES WHO THINK THEY'RE EXPERTS WITHOUT READING A GOD DAMN THING, LOL
ALSO - only the 32 bit version and cloud versions between 8-15 and 9-12 were infected. 64 bit I have verified is not infected. The trojan is detected by Spyhunter which has a trialware version until you go to remove malware.
If your system is compromised in any way, the only sane response is to wipe the disk(s),
Wipe the disks? Are you nuts. I say we take off and nuke the entire site from orbit. It's the only way to be sure!
Wouldn't it be amazing if everyone had as much free time as you?
It's not an anti-malware program.
It's an optimizer.
I'm not at all clear on what value they bring to the table.
With CCleaner and similar software you get to choose the malware you have installed on your machine; in other cases you don't choose.
Norton should sue for patent infringement.
Kind of, at least after they were bought by a nefarious corporation intent on monetizing it any way they could.
The original was a really nice application, from an independent developer tired of all the crap on his computer, including the stuff pre-loaded by the vendors. The "C" in CCleaner stands for "crap" - the original name was "Crap Cleaner."
At least valid antivirus software doesn't flood your screen with popups.
Er, I mean, it doesn't nag you to do things you don't want to do.
Well, it doesn't fill your hard drive full of gigabytes of junk.
That is, at least it doesn't mess with your internet connection and cause inexplicable outages.
You know what? I give up.
.. And the malware is (Score:5, Insightful)
... AVAST AntiVirus! Who would have guessed that a great tool like CCleaner would be messed up by Avast in no time at all.
Never had a problem until
I felt the same way when I heard about Avast acquiring CCleaner. I refused to upgrade until I could find some reviews that said Avast hadn't ruined it with bloat like their anti-virus, and damn I'm glad I waited.
Same. I'm still running 5.28. I expected shenanigans with the new versions, but not to this level.
Why is the payload so gimped? (Score:5, Interesting)
Someone capable of poisoning signed downloads (high complexity) should be able to select functional payload (low complexity). I don't see any alternative explanation to "ran on 32-bit systems" limitation other than incompetence. This doesn't add up.
Because this is an advertising tool by design, not a hacked piece of software. They are just trying to do what Windows 10 does.
From the linked article: "The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems."
This sounds exactly like what Windows 10 telemetry does.
Missing Malware Info
Floxif is a malware downloader that gathers information about infected systems and sends it back to its C&C server. The malware also had the ability to download and run other binaries, but at the time of writing, there is no evidence that Floxif downloaded additional second-stage payloads on infected hosts.
The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems. The malware also quit execution if the user was not using an administrator account.
Re:Missing Malware Info (Score:4, Interesting)
It's almost like it was meant to inspect corporate or government computers where lazy IT admins might not have migrated 64-bit-capable workstations to 64-bit OSes because they've been maintaining a 32-bit OS/image for years, and to then allow that information to be inspected to determine which computers to attempt to infect with other payloads.
Anyone know if the malware is detectable / fixable (Score:1)
As a regular and longtime user/installer of CCleaner, including version 5.33, it's possible that I may be infected. I've not seen any symptoms nor has Malware Bytes/Comodo detected anything, but....
Can any of the current tools check if any of my PCs are/may be infected?
Sure. CCleaner version 5.34. Available from downloads.ru today!
"Malware cleaning app" (Score:5, Insightful)
Cisco Talos announces that malware cleaning app...
Except it wasn't a malware cleaning app. Just a cleaning app. Maybe it happened to clean malware that got caught in the recycle bin, but that's about the extent of it. Of course, it ended up being a malware-infected cleaning app. Maybe that's what the OP meant??
Can it clean its own malware though? (Score:2)
.... whoever wrote the original submission and whoever didn't bother to check facts before posting.
You must be new here.
Damn ... (Score:3)
... First, Web of Trust and now this.
Longer discussion on the topic
https://news.ycombinator.com/i... [ycombinator.com]
Where's the MD5/SHA1 for the infected files?
Will it be published on IOS? (Score:1)
That's (Score:2)
A vast issue for them
Ba-zing!
Well duh (Score:1)
I mean deleting thumbnail cache? That's idiotic!
Not if you frequently view, obviously for research purposes, pornographic materials that normally reside on an encrypted drive.
What about stale thumbnail cache? Have you never seen the wrong thumbnails displayed in a file browser window for an image? Additionally, you say that in the sense it deletes thumbnail cache it's "absolutely malware and always has been"? I don't get it.
What program(s) do you use to do what CCleaner does?
Does one need this trash? (Score:1)
"CC Cleaner" sounds like an imitating (malware-ridden) app.
"CCleaner" is the app TFA is discussing.
Superficial and inaccurate (Score:4, Informative)
This post is sorely lacking tons of information, and the few bits that are in it are wrong.
CCleaner is NOT a malware cleaning app. It's a registry and regular file cleaner software.
Furthermore, let's dig into the case:
- This ONLY affects the 32-bit version of CCleaner and CCleaner Cloud, which accounts for some 3% of Piriform users. If you are using 64-bit version, you are probably safe. From Piriform’s website: “This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected.”;
- From Piriform's assessment, here's the actual danger: "The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done."
- The investigation is still ongoing, but Piriform is saying that the issue has been solved, that no harm was done, and that it seems not to have originated from official CCleaner/Piriform sources. Which is to say, it could be embedded code that was inserted on 3rd party download websites. There is further explanation on Talos' post of how it was a sophisticated attack, though, because whoever did it managed to put a valid cert on the infected version of CCleaner, so there should be more information coming out as the investigation proceeds.
If you wanna dig more into the whole thing, here's Piriform's official statement:
https://www.piriform.com/news/... [piriform.com]
And here's Talos' security assessment of the case:
http://blog.talosintelligence.... [talosintelligence.com]
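A quick inventory check a Windows admin could run against the builds the Piriform statement above names as affected. This is an added example, not code from Piriform, Talos or the page; the version numbers come from the statement, while the registry uninstall paths, the DisplayName filter and the InstallLocation\CCleaner.exe layout are assumptions about a typical install.

```powershell
# Versions quoted in the Piriform statement (the 32-bit build is the one in scope).
$Affected = @{
    'CCleaner'       = '5.33.6162'
    'CCleaner Cloud' = '1.07.3191'
}

# Assumed: standard uninstall registry hives (native and WOW6432Node views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Read the PE file header to tell an i386 (32-bit) image from an AMD64 one.
function Get-PeMachine {
    param([string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $hdr = New-Object byte[] 0x40
        [void]$fs.Read($hdr, 0, $hdr.Length)
        $peOffset = [BitConverter]::ToInt32($hdr, 0x3C)     # e_lfanew
        $fs.Seek($peOffset + 4, 'Begin') | Out-Null        # skip the "PE\0\0" signature
        $m = New-Object byte[] 2
        [void]$fs.Read($m, 0, 2)
        switch ([BitConverter]::ToUInt16($m, 0)) {
            0x014c  { 'x86' }
            0x8664  { 'x64' }
            default { 'unknown' }
        }
    } finally { $fs.Dispose() }
}

Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'CCleaner*' } |
    ForEach-Object {
        $product = if ($_.DisplayName -like 'CCleaner Cloud*') { 'CCleaner Cloud' } else { 'CCleaner' }
        $version = $_.DisplayVersion
        $arch    = 'n/a'
        # Assumed layout: the main executable sits in InstallLocation as CCleaner.exe.
        $exe = if ($_.InstallLocation) { Join-Path $_.InstallLocation 'CCleaner.exe' }
        if ($exe -and (Test-Path $exe)) { $arch = Get-PeMachine $exe }

        $status = if ($Affected[$product] -eq $version -and $arch -ne 'x64') { 'LISTED VERSION, 32-bit image' }
                  elseif ($Affected[$product] -eq $version) { 'listed version, 64-bit image' }
                  else { 'not in affected list' }

        [pscustomobject]@{ Product = $product; Version = $version; Arch = $arch; Status = $status }
    }
```

A listed version with a 32-bit image is the case the statement describes; the output is a triage hint, not proof of compromise either way.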
One more reason (Score:1)
I am looking forward to my exit in supporting other people's Windows boxen. I cannot *wait* until I can say, with a big fat grin on my face, "Sorry, I don't do Windows support anymore", or better yet, "Sorry, I've literally *never* used Windows 11" (or whatever stupid Windows name they call it by then).
I'm getting goosebumps just thinking about it. Oh, happy days await me. =}
FFS, creimer, please go watch this video and take its advice to heart.
https://www.youtube.com/watch?... [youtube.com]
"The only applications I use ARE Microsoft Defender and Malware Bytes."
For a "published" "writer", you sure do have problems constructing grammatically correct English sentences.
If I wrote perfect sentences, you would have nothing to bitch about on Slashdot.
I love the cover image for "The Giggling Mongoose: Scarlet Hearts" -- the cover image reads, "The Giggling Mongoose: Scartlet Hearts" - he can't even fucking spell the titles of his books properly... do you really expect him to put any effort into the actual CONTENT?
If only Photoshop had a spellchecker! Thanks for pointing that out. I'll have it fixed tonight. The downside of being an indie author is that you're a one-person publishing house and mistakes happen all the time.
It's a good thing we stopped the affiliate link nonsense.
That's funny. I counted 50+ affiliate tags being used by ACs over the last few months. Most never got called out because they're ACs. Sounds like a double standard to me.
The only applications that I use is Microsoft Defender and Malware Bytes. All the third-party applications for keeping WinXP running weren't needed in Vista/7/8/10.
cdreimer, that sounds like a really boring PC. At least install Excel so you can have some fun typing in numbers and making up formulas.
Not as exciting as cat videos, I know, but something. There's only so long I can watch Microsoft Defender before the magic starts to wear off.
There's only so long I can watch Microsoft Defender before the magic starts to wear off.
Microsoft Defender on my PCs kicks off at 3:00AM in the morning. If you're having trouble sleeping that late at night, I suggest taking Nyquil.
You two should get a room.
I doubt I could put up with the constant wanking. I find such lack of self-control disturbing.
And of course, YOUR schedule must be the universal schedule.
IIRC, Microsoft Defender runs as an automatic task at 3:00AM. Since that's default setting, I haven't changed it.
Those of us "in the know" only trust APK's hosts file generator to stay protected from malware.
Cruz/Palin 2020
A hosts file is a single blacklist. A problem with blacklisting is that you have to implicitly trust the creator of the blacklist (unless you're going to tell me you personally verified each individual entry in it?). You have to trust that they didn't miss anything that should have been included in the blacklist, which is hard to confirm. You also have to trust that their reasons for adding an entry are what they claim (remember the politically motivated entries in censorship software like NetNanny?). T