Fake Update Notices... Now using the CCleaner brand

[Jack]

While searching for malware I've found a new type of fake update screen. I've seen a lot of "Flash Player Update Recommended", "Java Might Need an Update" or "You browser needs an update" pop-ups in the past...but today I've seen a "Your CCleaner might be outdated!" pop-up.
This "fake Ccleaner" update is promoted via malicious ads mostly found on adult or torrent websites.

Of course using a well known name to promote a malicious installer is not something new. But
it's interesting as I don't know if a Ccleaner user (which in theory should have a little knowledge of the threats on the web and how a computer works) would fall for this scam.
As always if you "Upgrade" to the latest fake "CCleaner" program, the custom installer will add adware and browser hijackers on your computer.
The malicious download is signed by INSTALLIUM LTD.
INSTALLIUM LTD is a software publisher located in TEL AVIV-JAFFA, Israel. The company is a primary distributor of adware type software.

VirusTotal results for the setup.exe downloaded: https://www.virustotal.com/en/file/...1e1fdd7c3f595331f7d7d256/analysis/1433912074/

Detection 0/57...

 

[Koroke San]

When i see the fake ccleaner update says Norton Secured i'm like

 

[frogboy]

This one is going to catch a lot of people out.

 

[WinXPert]

OMG My CCleaner needs updating

 

[comfortablynumb15]

And as I said last time, if I'm on a random site that pops up a security update or any update for a program and not from the taskbar, it's an immediate siren going off. It doesn't take computer or web knowledge, it takes looking through the Windows manual and help file for 10 minutes. Nor does CCleaner even pop up messages unless you actively open the program.

 

[comfortablynumb15]

I know sometimes I can seem a little harsh towards "computer newbies", but honestly I'm tired of people making excuses for obvious laziness and an unwillingness to spend a half hour on Google looking up Kindergarten-level basics of keeping safe on the net. Everyone from government agencies to little Timmy's grandma has an excuse anymore. "Oh I didn't know pop-ups could be bad." "Oh, I didn't know I needed an AV". "Oh, I didn't know that some random dude wouldn't give me something for free without condition..and hey, it was an IPad!..even though I don't really know what all an IPad does.". I'm just sick of it. If you're going to hook up a computer that is going to be accessed by and can access billions of other computers, you better damned well know how to take care of it. The net has been around for 20+ years now, you've had the time. /end rant.

 

[WinXPert]

Copyright © 2014 CCleaner. That's a giveaway.

 

[comfortablynumb15]

Well yeah, if you take a moment to study the pop-up, there is a lot on that sucker saying "Nope". I can't even remember a time CCleaner has wanted to install a "critical security fix", all the years I used it.

 

[jamescv7]

Usually fake CCleaner tends to ask you to purchase the license before installing in the system which quite lame though. I've never saw a rogue CCleaner in action within same interface and functions.

Verisign logo is very totally easy to create an exact same type with enough creative skills.

 

[Exterminator]

Pretty easy to spot.Since CCleaner provides a different pop up for updating to a new version which then takes you to their official website,that in and of itself should be an immediate red flag.The only time you get an upgrade pop up is when you open the program itself which the asks if you would like to go to the official site or decline the upgrade.
Best advice if your not sure go to the official website and download/install the update from that softwares site.