Geekzone: technology news, blogs, forums




BDFL - Memuneh

Topic # 223197 18-Sep-2017 20:32
One person supports this post

From Cisco's Talos Intelligence blog:

 

 

Talos recently observed a case where the download servers used by software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.

 





'That VDSL Cat'

  Reply # 1868241 18-Sep-2017 21:06
2 people support this post

out of all endpoints for the installer to come from in an infected state, avast?....





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




BDFL - Memuneh

  Reply # 1868253 18-Sep-2017 21:08
One person supports this post

As per blog post, it could be a breach during development, signing or on servers... More to come.





 
 
 
 




  Reply # 1868260 18-Sep-2017 21:50

Post here: https://forum.piriform.com/index.php?showtopic=48869 


Gives version numbers affected and only 32 bit version.


More in depth info here: http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

gzt



  Reply # 1868268 18-Sep-2017 22:23
4 people support this post

Am I the only one who thought ccleaner is weird and unnecessary?



  Reply # 1868281 18-Sep-2017 22:39
6 people support this post

It has a lot of handy tools all in one place.



  Reply # 1868345 19-Sep-2017 08:02

gzt: Am I the only one who thought ccleaner is weird and unnecessary?

 

Nope, I never really saw the need for it.



  Reply # 1868349 19-Sep-2017 08:09

plas:

 

gzt: Am I the only one who thought ccleaner is weird and unnecessary?

 

Nope, I never really saw the need for it.

 

 

 

 

It seemed to serve its purpose when it had the red logo in the ol Core 2 Duo days!
That with the likes of Defraggler hahahaha.



xpd

Geek,gamer,father

  Reply # 1868402 19-Sep-2017 09:31

I still use CCleaner - do I have to with Win10 ? Probably not, but still do out of habit back in the XP/Win 7 days where crap did build up :)

 

Did run it on a client's Win 10 install recently tho, found 24GB of files no longer needed (and no, wasn't the recycle bin). After CCleaner, their system booted hell of a lot faster.





XPD / @DemiseNZ / Gavin
 
Corsair Carbide SPEC-02 / Corsair VS550 / G.SKILL Ripjaws X 8GB / Zotac 760GTX AMP! / ASUS H81M-E / Intel Pentium K Anniversay G3258 @3.9Ghz

 

New ! Retro gaming / emulation forums - http://www.xpd.co.nz/

 

Internet provided by : Voyager - VDSL 65/28  -  Musical Support by : Like A Storm - Visual Entertainment by : Plex and Steam and Overwatch



  Reply # 1868415 19-Sep-2017 09:51

Pity the new free version does nothing useful (for me that I can see). Cleaning is now $25US. Think I'll stick with my old version.





rb99



  Reply # 1868465 19-Sep-2017 11:31
2 people support this post

I still use CCleaner.

 

Sure, Disk Cleanup in Windows 10 does a lot too.  But CC has the registry cleaner (how much use is removing old entries though really? Maybe none) but will also clean up a lot of apps.  For example it'll compress the Thunderbird and Firefox SQLite database, it'll remove Chrome Cache files, Internet Explorer Cache files etc.

 

It's also got a drive wiper, duplicate files finder, and can show you all your various startup entries.

 

 

 

All these things can be done with other freeware tools, but CCleaner gives it to you in an all-in-one easy to use Interface.

 

 

 

Anyway, that's why I still use it.  But if it was discontinued tomorrow it wouldn't be the end of the world, it doesn't provide anything unique that can't be found in other apps etc.






  Reply # 1868759 19-Sep-2017 17:05

freitasm:

 

From Cisco's Talos Intelligence blog:

 

 

Talos recently observed a case where the download servers used by software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.

 

 

 

From CCleaner website in their news release:

 

------

 

Our new parent company, the security company Avast, determined on the 12th of September that the 32-bit version of our CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 products, which may have been used by up to 3% of our users, had been compromised in a sophisticated manner. Piriform CCleaner v5.33.6162 was released on the 15th of August, and a regularly scheduled update to CCleaner, without compromised code, was released on the 12th of September. CCleaner Cloud v1.07.3191 was released on the 24th of August, and updated with a version without compromised code on September 15.

 

-----

 

The technical details can be found in their blog on the website.




BDFL - Memuneh

  Reply # 1868795 19-Sep-2017 18:01

An awful long time for a compromised version to be available. More than two million computers infected.

 

It doesn't say good things about it if Avast couldn't see an infected file on their own servers.







  Reply # 1868812 19-Sep-2017 19:01

There are a few examples of Avast exposing their users to serious risks. Examples are:

 

Avast anti-virus https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilities-in-Avast-Antivirus/

 

Avantium web browser https://www.tomsguide.com/us/avast-secure-browser-not-secure,news-22214.html



