Petrovic Posted September 18, 2017

Hackers broke into British company Piriform’s free software for optimizing computer performance last month potentially allowing them to control the devices of more than two million users, the company and independent researchers said on Monday.

The malicious program was slipped into legitimate software called CCleaner, which is downloaded for personal computers and Android phones as often as five million times a week. It cleans up junk programs and advertising cookies to speed up devices.

CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner.

A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said.

Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software.

“There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program.

In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.

Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. 15, it said.

The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Williams said.

CCleaner does not update automatically, so each person who has installed the problematic version will need to delete it and install a fresh version, he said.

Williams said that Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs.

Piriform said it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed. It said the server was closed down on Sept. 15 “before any known harm was done”.
knowledge-Spammer Posted September 18, 2017

not ccleaner
ARMOUR Posted September 18, 2017

From the Piriform blog: Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
knowledge-Spammer Posted September 18, 2017

I hope CCleaner does not change too many things if they do.
knowledge-Spammer Posted September 18, 2017

7 hours ago, 0bin said: I think Avast don't want to ruin this investment, and give some liberty to Piriform.

The good thing is, if people download from my posts you do not have these problems. I make sure there is no bad code in my versions, but now CCleaner has updated, maybe things changed inside the program? I'll have a look soon.
knowledge-Spammer Posted September 18, 2017

I see this: This version was signed using a valid certificate that was issued to Piriform Ltd by Symantec.
knowledge-Spammer Posted September 18, 2017

I just looked at the newer version. It has changed and added new files inside. I can make my version like I did, but it seems now on the 32bit exe more AVs flag my exe, now with 3 AVs. But as more than one AV flags it, maybe it's best I not post for CCleaner no more, as maybe people will say I give a virus or something like that. It's a shame, as it's just the 32bit exe, not 64bit, and it's not ClamAV.
steven36 Posted September 18, 2017

Scary stuff, from what I get here it was only the 32 bit version that was compromised.

Quote (Posted Today, 02:12 AM)

Announcement: Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users

We recently determined that older versions of our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 had been compromised. We resolved this quickly and believe no harm was done to any of our users. This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected. We encourage all users of the 32-bit version of CCleaner v5.33.6162 to download v5.34 here: download. We apologize and are taking extra measures to ensure this does not happen again.

Issue Summary:

Our new parent company, the security company Avast, determined on the 12th of September that the 32-bit version of our CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 products, which may have been used by up to 3% of our users, had been compromised in a sophisticated manner. Piriform CCleaner v5.33.6162 was released on the 15th of August, and a regularly scheduled update to CCleaner, without compromised code, was released on the 12th of September. CCleaner Cloud v1.07.3191 was released on the 24th of August, and updated with a version without compromised code on September 15.

The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done. It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment.

Between the 12th and the 15th, we took immediate action to make sure that our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 users were safe: we worked with download sites to remove CCleaner v5.33.6162, we pushed out a notification to update CCleaner users from v5.33.6162 to v5.34, we automatically updated CCleaner Cloud users from v1.07.3191 to 1.07.3214, and for users using Avast Antivirus, they received an automatic update.

We are continuing to investigate how this compromise happened, who did it, and why. We are working with US law enforcement in their investigation. A more technical description of the issue is on our Piriform blog at: www.piriform.com/news/blog.

Again, we sincerely apologize for this and are committed to making sure nothing similar happens again. We encourage any user of the 32-bit version of CCleaner v5.33.6162 to download the latest version of Piriform CCleaner found here: www.piriform.com/ccleaner/download/standard.

https://forum.piriform.com/index.php?s=82dc16100de70b7bf894195733870766&showtopic=48869
sam3971 Posted September 18, 2017

That is kinda silly if it only affected the 32bit version. I was running this edition on x64 but did not notice anything.
HJSC Posted September 18, 2017

If only the 32 bit version executable has been affected, then only one update is sufficient to resolve the said problem? Incidentally, only the free version of CCleaner has been affected, right? Thankfully I migrated some time ago for the Tech Edition.

Well, I still have the slim version of ccleaner 5.33.6162, and this is the result of the analysis on the virus total:
Recruit Posted September 18, 2017

AVAST
knowledge-Spammer Posted September 18, 2017

8 hours ago, HJSC said: If only the 32 bit version executable has been affected, then only one update is sufficient to resolve the said problem? Incidentally, only the free version of CCleaner has been affected, right? Thankfully I migrated some time ago for the Tech Edition. Well, I still have the slim version of ccleaner 5.33.6162, and this is the result of the analysis on the virus total:

Can you post this version? I want to see it, as there is a real virus inside it, I think. I tried to download from http://www.piriform.com/ccleaner/download/slim/downloadfile but can't.
HJSC Posted September 18, 2017

@knowledge Of course, bro. https://www.upload.ee/files/7470971/ccsetup533_slim.exe.html

If anyone has the Tech Edition (5.33.6162) and can post it I would be very grateful.
Recruit Posted September 18, 2017

Ccleaner 5.33.6162 All Versions, for our "security experts": I need a good laugh! I haven't included my bro @knowledge here! Hope Mr. SysAdmin will not be late....

Site: https://www.upload.ee
Sharecode[?]: /files/7471006/CCleaner_5.33.6162.rar.html

Site: https://www.mirrorcreator.com
Sharecode[?]: /files/ZO0GZBID/CCleaner_5.33.6162.rar_links
HJSC Posted September 18, 2017

The Tech Edition was also compromised.

Anyway, I didn't get to run the 32bit version of CCleaner.
I Am Negan Posted September 18, 2017

So the x64 version is ok?
xanax Posted September 18, 2017

and after all, Piriform still deploy infected version, OMG
Recruit Posted September 18, 2017

Oh yeah: Avast investigated the incident but their engine doesn't recognize the threat:
I Am Negan Posted September 18, 2017

Are there any hash files for the good and bad version?
Pete 12 Posted September 18, 2017

Don't let them (bad guys) make you crazy, Master Knowledge, and, please, keep making your nice-looking CCleaner versions, every time a new version comes out!!
Iznogoud Posted September 18, 2017

Current version of CCleaner is 5.34, I installed it over version 5.33 (which I installed from the ccsetup533.exe setup). Is my PC (win 10 x64) infected? ESET does not report anything.
HJSC Posted September 18, 2017

Well, now I feel more relieved, since I installed the 5.33.6162 version in the middle of the month of August. However, I downloaded 5.34.6207 versions on September 12th.
virge Posted September 18, 2017

The exploit was in the 32-bit version of CCleaner 5.33.6162 and the 32-bit version of CCleaner Cloud 1.07.3191. To resolve it, update and replace with version CCleaner 5.34.6207. 64-bit versions were not affected.

Source: https://lifehacker.com/ccleaner-s-32-bit-app-was-infected-here-s-how-to-fix-it-1818509210
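The scope stated in the Piriform notice quoted in this thread (32-bit builds of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191, 64-bit builds not affected) can be checked mechanically. The Python below is an added example, not part of the thread and not Piriform's or Avast's tooling: it reads the COFF Machine field of a PE header to tell a 32-bit binary from a 64-bit one and compares a caller-supplied version string against the two builds named in the notice. The function names and the constructed header bytes are assumptions made for illustration.

```python
import struct

# Affected builds exactly as named in the Piriform notice quoted in the thread.
AFFECTED = {"CCleaner": "5.33.6162", "CCleaner Cloud": "1.07.3191"}

MACHINE_I386 = 0x014C   # IMAGE_FILE_MACHINE_I386  (32-bit x86)
MACHINE_AMD64 = 0x8664  # IMAGE_FILE_MACHINE_AMD64 (64-bit x64)


def pe_machine(data: bytes) -> int:
    """Return the COFF Machine field of a PE image; raise ValueError if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine


def is_affected(product: str, version: str, image: bytes) -> bool:
    """True only for a 32-bit binary of a build named in the notice.

    `version` is supplied by the caller in the form the notice uses
    (an assumption: it is not extracted from the file here).
    """
    if AFFECTED.get(product) != version:
        return False
    return pe_machine(image) == MACHINE_I386


def constructed_pe_header(machine: int) -> bytes:
    """Constructed minimal MZ/PE header for the demo; not a real executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


if __name__ == "__main__":
    for product, version, machine in [
        ("CCleaner", "5.33.6162", MACHINE_I386),
        ("CCleaner", "5.33.6162", MACHINE_AMD64),
        ("CCleaner", "5.34.6207", MACHINE_I386),
    ]:
        hit = is_affected(product, version, constructed_pe_header(machine))
        print(f"{product} {version} machine={machine:#06x} affected={hit}")
```

A version and bitness match only says the build is in the range the notice names; it does not inspect the file's contents.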
Cat' Posted September 18, 2017

This is the application that has most met the needs of cleaning temporary files, time use the slim version that has similar functions! Effective the recommended program.
BALTAGY Posted September 18, 2017

4 hours ago, Recruit said: Oh yeah: Avast investigated the incident but their engine doesn't recognize the threat:

This is the hash that should be detected, you will find it here>> and still Avast don't detect it lol
This topic is now archived and is closed to further replies.