Malware hidden in cCleaner debacle...

[captain_to_fire]

4 minutes ago, TidaLWaveZ said:

You've got to remember that we're severely outnumbered by people who truly couldn't accomplish the task of navigating to disk cleanup.

I think Disk Cleanup should be bolted inside the Settings because in the Control Panel, it's under Administrative Tools which isn't the first thing you'll see nor there's a Windows notification to cleanup junk in your PC.

 

[TidaLWaveZ]

6 minutes ago, hey_yo_ said:

I think Disk Cleanup should be bolted inside the Settings because in the Control Panel, it's under Administrative Tools which isn't the first thing you'll see nor there's a Windows notification to cleanup junk in your PC.

 

I'm just commenting more on peoples ability to care at all. I honestly and wholeheartedly believe that the vast majority of people who use computers on a daily basis are completely careless to the point where if their computer gets slow they just think it's time to buy a new one.

[Alariel]

I'm gonna go out on a limb here and say gigantic botnet.

[XenosTech]

Running 5.34 since last month... Then again I only use this to clean my registry after uninstalling a lot of programs

[onlybuilt4cubanxlinx]

Sometimes it pays to disable automatic updates.

[Taf the Ghost]

Sophisticated attack vector, so likely more for Corporate-type targets. Collecting passwords & credentials to attack more valuable targets on a network. Quite clever, actually, as it's not actually a delivery for malware itself, but for collection tracking software. Nation State?

[foosballgamer34]

Its an already fixed issue, but ironically it did turn a program made by a AV subsidiary into malware. Basically to fix it download ccleaner latest release 5.34. It removes the part that turns ccleaner into a logging malware. Also on what was more likely avast`s end they shutdown the servers the software linked to. if your wondering what it captured "computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part." ->
https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/
 
 
Although if you want to go full tin foil hat. It was a inside job based on piriforms official blog post statement "was illegally modified before it was released to the public" in the link -> .http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users .

[dfsdfgfkjsefoiqzemnd]

3 minutes ago, ImHyperstyle said:

quick question... who uses 32bit?

I do on one of my machines.  My netbook has a 32bit CPU.  That kinda makes it difficult to run a 64bit OS on that one.

 

Fortunately it's running Mint 18.1 nowadays, so no worries here. 

[MageTank]

All these years, and CCleaner was perfectly fine. 2 months after being acquired by Avast, and this happens? Yeah... pointing my fingers at the god-awful "anti-malware" company here. Could be the fact that I am still very salty with Avast nuking my OS when it thought it found malware, lol. 

[SpaceGhostC2C]

3 hours ago, hey_yo_ said:

There's a thing called Disk Cleanup. 

I've never seen Disk Cleanup perform a registry cleanup, which in my opinion was the main true reason for CCleaner's existence.

[mynameisjuan]

20 minutes ago, MageTank said:

All these years, and CCleaner was perfectly fine. 2 months after being acquired by Avast, and this happens? Yeah... pointing my fingers at the god-awful "anti-malware" company here. Could be the fact that I am still very salty with Avast nuking my OS when it thought it found malware, lol. 

This has nothing to do with Avast. 2 months after they acquire them is not enough time for them to dig their fingers into as it will then take time to figure out what to do, how to do, what resources to use....etc...You dont just buy a company and next week its a different product. This was just a back door that wasnt found until now. 

[MageTank]

41 minutes ago, mynameisjuan said:

This has nothing to do with Avast. 2 months after they acquire them is not enough time for them to dig their fingers into as it will then take time to figure out what to do, how to do, what resources to use....etc...You dont just buy a company and next week its a different product. This was just a back door that wasnt found until now. 

This issue came from a version released in August, after avast aquired ccleaner and started hosting piriform. It is not impacting any release before 5.33. in fact, version 5.32 (released on July 11th, 8 days before avast bought piriform) was exempt from this issue. Literally the first release AFTER avast acquired Piriform, we see a security breach of Piriform for the first time ever in their 12+ year run, and you think I am crazy for making that assumption? This is not a case of it being a backdoor that has existed for several versions of a product. It only existed in one version of it, and only existed after hosting changed hands. This might just be a tin foil hat kind of assumption, but I genuinely believe it.

[TidaLWaveZ]

4 minutes ago, MageTank said:

This issue came from a version released in August, after avast aquired ccleaner and started hosting piriform. It is not impacting any release before 5.33. in fact, version 5.32 (released on July 11th, 8 days before avast bought piriform) was exempt from this issue. Literally the first release AFTER avast acquired Piriform, we see a security breach of Piriform for the first time ever in their 12+ year run, and you think I am crazy for making that assumption? This is not a case of it being a backdoor that has existed for several versions of a product. It only existed in one version of it, and only existed after hosting changed hands. This might just be a tin foil hat kind of assumption, but I genuinely believe it.

 

Suspicious indeed...

[mynameisjuan]

3 minutes ago, MageTank said:

This issue came from a version released in August, after avast aquired ccleaner and started hosting piriform. It is not impacting any release before 5.33. in fact, version 5.32 (released on July 11th, 8 days before avast bought piriform) was exempt from this issue. Literally the first release AFTER avast acquired Piriform, we see a security breach of Piriform for the first time ever in their 12+ year run, and you think I am crazy for making that assumption? This is not a case of it being a backdoor that has existed for several versions of a product. It only existed in one version of it, and only existed after hosting changed hands. This might just be a tin foil hat kind of assumption, but I genuinely believe it.

I cant say the assumption is wrong. Just the fact that acquiring a company and making changes takes a lot longer before they do their damage. 2 months seems just too quick.

[Demonking]

iv'e stopped using it earlier this year so i'm good, and my phone app hasn't been updated since may.

[Kamina]

5 hours ago, Alariel said:

I'm gonna go out on a limb here and say gigantic botnet.

With Adnauseam, I am botnet.

[NumLock21]

5 hours ago, hey_yo_ said:

There's a thing called Disk Cleanup. Also, I don't notice any performance difference way back in 2010-2012 when I was using it with Windows 7.

Windows Disk Cleanup is limited and cannot clean additional stuffs where CCleaner can.

5 hours ago, JoostinOnline said:

It cleans up a lot more than Disk Cleanup does.

 

It doesn't boost your performance at all though.  If anything, it hinders it, depending on if you say yes to the background services.  When you're low on space it's really helpful though.  I've got an SSD in my laptop, and I can't buy a bigger one until prices drop, so it's useful.

Actually it does. Did a clean install of the OS, drivers, windows updates and programs. Then Windows started to lagged for no reason. So I ran CCleaner and everything went back to normal.

[Bananasplit_00]

i used to run CCleaner, its usefull to get rid of a bunch of crap files quickly and alerts you when you can save a nice amount to clean. i havent used it since i had to reinstall windows last though so i should be fine, that was a month or something back and even then it wasent up to date

[2FA]

7 hours ago, TidaLWaveZ said:

I'm still severely confused and the more I try to read through the detailed explanation the less sense it makes to me.

 

Seems like the malware just collects the PC's system information and sends it to back to a certain IP.

What it is doing is checking system time just before the initial function call and then 601 seconds later to make sure 601 seconds has actually passed. The purpose of this is to not call any additional malicious code during those 601 seconds as automated anti-malware processes will scan the recently started CCleaner.exe. The scan will typically be over by the time that 601 seconds has passed. The malicious code included into CCleaner then establishes contact with a Command and Control (C2) server. From there the C2 server can then send the actual payload if commanded.

[TVwazhere]

I've personally used it because my knowledge of registry, temp files that are safe to delete and optimizations are limited. And as noted, it works a bit more thoroughly than Disk cleanup. I'm too busy focusing on hardware anyways (fortunately I haven't used it personally on my computer in more than a year, nor put it on any computer since 2016)

[johndms]

https://blog.malwarebytes.com/security-world/2017/09/infected-ccleaner-downloads-from-official-servers/

[YamiYukiSenpai]

I was playing Mass Effect Andromeda multiplayer today, and it was lagging like crazy

Closed CCleaner and it was smooth as silk again.

Dunno if the had anything to do with it.

[Doobeedoo]

Definitely sucks when it happens to software that is to help clean pc though. 

[Jito463]

On 9/18/2017 at 8:25 AM, Arokhantos said:

Ccleaner is from the windows 95 era, why we still need app like this anyway, heck if not used it in years since the tools are all inside windows anyway to clean everything up

On 9/18/2017 at 8:53 AM, hey_yo_ said:

There's a thing called Disk Cleanup

As others have said already, Disk Cleanup doesn't remove all the temp files.  CCleaner will also clean temp files from your browsers, not just Windows (just for one example).

On 9/18/2017 at 12:44 PM, SpaceGhostC2C said:

I've never seen Disk Cleanup perform a registry cleanup, which in my opinion was the main true reason for CCleaner's existence.

Personally, I strongly advise against using the registry cleaner.  I haven't trusted any of them since the Win9x days (and even then, I only used them sparingly).

[SpaceGhostC2C]

1 hour ago, Jito463 said:

 

Personally, I strongly advise against using the registry cleaner.  I haven't trusted any of them since the Win9x days (and even then, I only used them sparingly).

I see no reason for that. The registry cleaner will list everything it plans to remove for you to check before doing anything, so it's only as unsafe as you wan to make it. And it offers to back up the current registry, so...

Not that there is any problem with clicking clean all, no backup please anyway  

 

Registry cleaning is the only thing I use it for, I would have no use for CCleaner otherwise.