Avast reckons CCleaner malware infected 2.27M users

[thackney]

Avast reckons CCleaner malware infected 2.27M users
https://techcrunch.com/2017/09/18/avast-reckons-ccleaner-malware-infected-2-27m-users/
9/18/2017

Users of a free software tool designed to optimize system performance on Windows PCs and Android mobile devices got a nasty shock this morning when Piriform, the company which makes the CCleaner tool, revealed in a blog post that certain versions of the software had been compromised by hackers — and that malicious, data-harvesting software had piggybacked on its installer program.

The affected versions of the software are CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191.

The company is urging users to upgrade to version 5.34 or higher (which it says is available for download here).

So clearly some users may still have a compromised PC on their hands (Piriform says it’s moving all users of the CCleaner to the latest version of the software, while noting that users of CCleaner Cloud will have been updated automatically.)

The malware was apparently capable of harvesting various types of data from infected machines — specifically, Piriform says: the computer name, IP address, list of installed software, list of active software and list of network adapters (data it describes as “non-sensitive”) — transmitting it to a third party computer server located in the US.

“We have no indications that any other data has been sent to the server,” it writes....

[driftdiver]

oops

[kidd]

http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/

CCleaner, the computer-optimizing tool made by software company Piriform, was successfully infected by malware, according to security firm Cisco Talos. The malware reportedly tried to connect to unregistered websites in order to remotely download even more harmful programs to users’ computers.

Security experts say the Trojan horse-style attack hackers launched affected over 2 million CCleaner customers who downloaded the product in August.

“By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates,” researchers at Talos said.

Piriform’s parent company, Avast, released a statement after the breach was announced saying the infected software had been dealt with.

“Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm,” an Avast spokesperson said.

“There is nothing a user could have noticed,” said Talos researcher Craig Williams. The malware expert added that a similar attack was carried out on accounting software in the Ukraine in June. The revelation is sure to be unsettling for the 130 million people who reportedly use the trusted PC cleaning tool.

[kidd]

Yikes.
I have an old version of this that I use.

Be alert.

[XenaLee]

Hmmm.... I know I have downloaded a version of that software in the past..... but for some reason I never actually ran it or used it. 

[Free Vulcan]

I went to iObit suite of software but still you CCleaner from time to time. I'm updated now, and the firewall should have stopped any intrusions.

[thackney]

I use CCleaner all the time.  I update it at least every month.  And I updated after reading but before posting this article.

Way back in the early 90s, the electric utility I was working for bought a floppy-disk version of virus software, I think early McAfee.  There was a virus on the disk.  We loaded it onto every PC in the company.

[Sighlass]

Wow, how embarrassing... I also run an older version of this, but not the one listed. No real alternatives to it that I trust... (maybe Hillary's Bleachbit)....

[andy58-in-nh]

I use Malwarebytes Anti-Malware Premium.

Love it. It has saved my ass more than once from nasty intrusions that Kaspersky Internet Security didn't quite catch in time. And Kaspersky is pretty good.

[Free Vulcan]

I use Malwarebytes Anti-Malware Premium.

Love it. It has saved my ass more than once from nasty intrusions that Kaspersky Internet Security didn't quite catch in time. And Kaspersky is pretty good.

Malwarebytes is pretty good, I use it as a backup.

[thackney]

I use Malwarebytes Anti-Malware Premium.

Love it. It has saved my ass more than once from nasty intrusions that Kaspersky Internet Security didn't quite catch in time. And Kaspersky is pretty good.

I also use Malwarebytes Ati-Malware, but the free version.  Also run SpyBot Search and Destroy.  But I run the CCleaner the most, because it is the fastest.  I know, fastest is far from the best, but because it is fast, I use it often, and run the other two once in a while.

[Oceander]

Oopsie!

[andy58-in-nh]

I also use Malwarebytes Ati-Malware, but the free version.  Also run SpyBot Search and Destroy.  But I run the CCleaner the most, because it is the fastest.  I know, fastest is far from the best, but because it is fast, I use it often, and run the other two once in a while.

SpyBot is also an excellent product, but with the purchased version of Malwarebytes (which comes with a lifetime license, by the way), database updates are made daily and I found I no longer needed another such utility.

It is a jungle out there. I am constantly amazed at how many people I speak with rely solely on Microsoft's firewall and browser settings, or worse, think that because they have a Mac or iPad that they can't get a virus or Trojan infection. 

[Weird Tolkienish Figure]

I have never ever used any registry cleaner in windows.

[andy58-in-nh]

I have never ever used any registry cleaner in windows.

AVG PC Tuneup is a good choice, if you ever decide to want to speed things up. The MS Windows registry collects many broken keys and calls to missing links over time.

[roamer_1]

I also use Malwarebytes Ati-Malware, but the free version.  Also run SpyBot Search and Destroy.  But I run the CCleaner the most, because it is the fastest.  I know, fastest is far from the best, but because it is fast, I use it often, and run the other two once in a while.

CCleaner is not anti-malware. CCleaner is for dumping caches. All it does is get rid of temp files that would otherwise be a chore to remove by hand.

[roamer_1]

I have never ever used any registry cleaner in windows.

I am sorry for you - Reg cleaning is a normal part of PC maintenance.
If your registry has not been cleaned and defragmented for more than a year, you will find a significant difference (noticeable) in doing so.

[Restored]

Way back in the early 90s, the electric utility I was working for bought a floppy-disk version of virus software, I think early McAfee.  There was a virus on the disk.  We loaded it onto every PC in the company.

Our head of Network Security was also head of the Diversity Committee. He put out a Diversity newsletter every month that infected every machine that opened it. Unfortunately, the only people who opened it were upper management. Every month, we would have to clean the virus off their machines. Convincing the head of Network Security that he is infected with a virus is  next to impossible, especially if he has an embarrassing lack of knowledge about computers.. Convincing upper management that the person they put as head of the Diversity Committee has a virus is equally difficult. It continued for almost 6 months with frequents phone calls of "Why isn't this fixed?"

[XenaLee]

For PC-tune up and maintenance.... what do you guys think about System Mechanic?  Any negative feedback?  I was thinking of purchasing it (have used in the past).

[GtHawk]

For PC-tune up and maintenance.... what do you guys think about System Mechanic?  Any negative feedback?  I was thinking of purchasing it (have used in the past).

I use IObit's Advanced SystemCare Ultimate and have had no issues with it.

[roamer_1]

For PC-tune up and maintenance.... what do you guys think about System Mechanic?  Any negative feedback?  I was thinking of purchasing it (have used in the past).

Meh. Really nothing there worth buying, except that it is scheduled and automatic - which I actually do not recommend. Far better for users to do common tasks interactively, if they indeed will. Then you know there is a problem when it occurs.

Besides, most of what it offers is available free - I am a service tech, and the only software I buy is Anti-virus and Partitioning tools. All the rest is better in free versions, and I prefer a distributed set of tools, compared to a single monolith from one company.

Even Anti-virus. I buy Kaspersky, but if your machine were on my bench, it would be scanned by Kaspersky, and at least one other (maybe all 5) of the five AVs I support.

[roamer_1]

Notice that this breach did not actually Affect anyone. the rogue code was detected and the site seized by LEO. SO this hurt no one.

But it is interesting how their master code became infected... It seems at build - which would nearly necessitate hands-on access.

[XenaLee]

Meh. Really nothing there worth buying, except that it is scheduled and automatic - which I actually do not recommend. Far better for users to do common tasks interactively, if they indeed will. Then you know there is a problem when it occurs.

Besides, most of what it offers is available free - I am a service tech, and the only software I buy is Anti-virus and Partitioning tools. All the rest is better in free versions, and I prefer a distributed set of tools, compared to a single monolith from one company.

Even Anti-virus. I buy Kaspersky, but if your machine were on my bench, it would be scanned by Kaspersky, and at least one other (maybe all 5) of the five AVs I support.

Wow.  All 5, eh? 

Well.... I am having a recurring issue with a backdoor.bot that the free version of Malwarebytes finds, and quarantines....but it still keeps coming back.  I have removed anything and everything from that pc (I have another working one (Dell) that I use for financial stuff)....that hackers might want or could use.  It's just for surfing the net and games now.  But it still annoys the hell out of me whenever it shows back up in my "Start-up" folder.  Grrr....

[XenaLee]

I use IObit's Advanced SystemCare Ultimate and have had no issues with it.

Ok thanks....I will check it out.

[Restored]

Notice that this breach did not actually Affect anyone. the rogue code was detected and the site seized by LEO. SO this hurt no one.

But it is interesting how their master code became infected... It seems at build - which would nearly necessitate hands-on access.

Probably the process of including bloatware into the software was the conduit.