L S

Level 5
Verified
I updated , because I already have the CCleaner version.5.34 - and now updated to v.5.35 ....... the CCleaner version.5.33 was compromised - soo ....... they who has the version.5.32 & v.5.31 & bellow if they want can wait, ....... but for me with already updated to version.5.34 it's normal & smart to update to this newer version of CCleaner v.5.35 .
 
5

509322

I updated , because I already have the CCleaner version.5.34 - and now updated to v.5.35 ....... the CCleaner version.5.33 was compromised - soo ....... they who has the version.5.32 & v.5.31 & bellow if they want can wait, ....... but for me with already updated to version.5.34 it's normal & smart to update to this newer version of CCleaner v.5.35 .
Continuing to use the old, non-malicious versions with a potentially compromised certificate isn't a best security practice.

Everyone who continues to use CCleaner should update to the version with the new cert.
 

L S

Level 5
Verified
Continuing to use the old, non-malicious versions with a potentially compromised certificate isn't a best security practice.

Everyone who continues to use CCleaner should update to the version with the new cert.
Well ... on every Tech Site & Avast ; Piriform too - Said that only the CCleaner version 5.33 is infected - those versions bellow are Not.
- But, Yes - If you use CCleaner It's safer and wise to use the latest version - of course .
 
5

509322

Well ... on every Tech Site & Avast ; Piriform too - Said that only the CCleaner version 5.33 is infected - those versions bellow are Not.
- But, Yes - If you use CCleaner It's safer and wise to use the latest version - of course .
You're not getting it. The uninfected older versions are using potentially compromised certificates.
 
  • Like
Reactions: DJ Panda

L S

Level 5
Verified
You're not getting it. The uninfected older versions are using potentially compromised certificates.
@Lockdown I Get It !!! ... But = ""potentially compromised certificates"" ... = does not necessarily mean that they are compromised .

P.S. - And in the previous reply I was saying they to wait a bit, not to "never" update.
- And of course the New Certificates - Are New ....
 
Last edited:
5

509322

@Lockdown I Get It !!! ... But = ""potentially compromised certificates"" ... = does not necessarily mean that they are compromised .

P.S. - And in the previous reply I was saying they to wait a bit, not to "never" update.
- And of course the New Certificates - Are New ....
Avast\Piriform is not willing to risk it therefore a new certificate was issued. Ideally, people should not use any of the old versions with the old cert.
 
  • Like
Reactions: DJ Panda

L S

Level 5
Verified
Avast\Piriform is not willing to risk it therefore a new certificate was issued. Ideally, people should not use any of the old versions with the old cert.
Of course ....... But they do - people , they are scared to update to latest version = that's what I said/meant .......
....... misunderstanding .......
 
  • Like
Reactions: mlnevese
5

509322

Of course ....... But they do - people , they are scared to update to latest version = that's what I said/meant .......
....... misunderstanding .......
OK, now I understand. Yes, the irrational fears are rampant out there.

Sorry about the misunderstanding (forum posts are really a pain in that regard - they're so easy to misinterpret).
 
  • Like
Reactions: L S and mlnevese

roger_m

Level 21
Content Creator
Verified
The C2s weren't fully operational
CCleaner and installing avast with out permission...
The CnC server was taken down on September 15, three days after we first learned about the incident. Given how difficult these things tend to be, we consider this a very good result and I don't see how we could have done it any better. (By that time, the secondary CnC servers (the DGA domains) were already sinkholed as well, so that technically cut the attackers off their ability to control the backdoor).