Parsh

Level 24
Verified
Trusted
Malware Hunter
If one wants to continue with CCleaner, he/she should go ahead IMO. Along with this security measure (new signature), they sure would have well scrutinized and verified their source code & distributable binary before releasing this new version :) Rest of thoughts will be speculations.
 

509322

New certs. One should update to the new cert version if they are going to continue to use CCleaner. I am still using the x64 version on 4 test systems. If the Piriform infrastructure is compromised a second time, then I will temporarily not use it until they sort it out. However, once it is resolved I will still use the product.
 

BoraMurdar

Community Manager
Verified
Staff member
I have updated it right away.
Reading the official statement from Avast and company that informed Cisco about this problem, also analyzing my system, app and connection logs, and investigating a little, I found no evidence of successful malicious consequences, even after the vulnerability was successfully created on who knows how many computers. Someone created a hole and forgot to exploit it apparently :unsure:
 

509322

Someone created a hole and forgot to exploit it apparently :unsure:
  1. The Domain generation algorithm was botched
  2. The C2s weren't fully operational

So the embedded malware was there, but didn't do anything since other parts upon which it was dependent were broken or nonoperational. The backdoor was "Dead on Arrival."

And even then the malicious potential was present only for 32-bit installs.

New details released. The initial reports were incorrect.
 

BoraMurdar

  1. The Domain generation algorithm was botched
  2. The C2s weren't fully operational
So the embedded malware was there, but didn't do anything since other parts upon which it was dependent were broken or nonoperational. The backdoor was "Dead on Arrival."

And even then the malicious potential existed only for 32-bit installs.
Luckily for many
Use the slim version, without the toolbar
http://www.piriform.com/ccleaner/download/slim/downloadfile
 

509322

Luckily for many
It is curious when you compare the reaction to the compromised CCleaner to that of the recent Eternal Blue\Double Pulsar exploits.

People were freaking-out for months over EB\DB - with an incredible amount of utter nonsense on the forums and web.

Compromised CCleaner had\has the potential to be 100X worse than EB\DB. The number of compromised systems could have turned out to be a staggering number. It is right up there as a worst-case scenario. However, compared to EB\DB, "CCleaner Crisis" is generating only a fraction of the user concern.

This only proves that even advanced users do not fundamentally understand security risks. "Advanced" user does not necessarily mean knowledgeable user.

Typical users and forum members don't bother to actually read articles, reports or forum threads in their entirety. However, they are great at looking at pictures, looking at graphs, and reading only the sensational headlines - and drawing conclusions based only on those 3 entirely inadequate bits of info.

And before anyone gets bent out of shape, my observation is just what it is - an observation - and nothing more. Nothing intended other than pointing out that if one does not bother to research and read, then one is apt not to understand the real issues affecting their digital security.
 

BoraMurdar

Compromised CCleaner had\has the potential to be 100X worse than EB\DB. The number of compromised systems could have turned out to be a staggering number. It is right up there as a worst-case scenario. However, compared to EB\DB, "CCleaner Crisis" is generating only a fraction of the user concern.
I agree, but it's still early to do statistics. People usually freak out after the smoke clears...
 

509322

I agree, but it's still early to do statistics. People usually freak out after the smoke clears...
Perhaps, but from my general observation this one is flying right over their heads. Sort of like that "Deer in the headlights" look after they say "Wow? or Huh?..."



"CCleaner embedded?"
 

509322

It's enough to once discover a hole, later it's hard to believe them.
Avast and Piriform both fully comprehend what this compromise can do to them and what is required of them to resolve the matter.

What's to say that Wise Cleaner, Glary, IOBit or any other software publisher's system will not be compromised and their product tampered with in a similar manner?

What is clearly demonstrated in this instance is that the blind trust in digital certificates can be leveraged against the industry and users.

Will this incident change the industry? No, it will not. Why? In a word, money.