CCleaner 5.35.6210

Status
Not open for further replies.

enaph

Well... :D
Untitled.png
 

Parsh

If one wants to continue with CCleaner, he/she should go ahead IMO. Along with this security measure (new signature), they sure would have well scrutinized and verified their source code & distributable binary before releasing this new version :) Rest of thoughts will be speculations.
 
509322

New certs. One should update to the new cert version if they are going to continue to use CCleaner. I am still using the x64 version on 4 test systems. If the Piriform infrastructure is compromised a second time, then I will temporarily not use it until they sort it out. However, once it is resolved I will still use the product.
 

BoraMurdar

Community Manager
Thread author
I have updated it right away.
Reading the official statement from Avast and company that informed Cisco about this problem, also analyzing my system, app and connection logs, and investigating a little, I found no evidence of successful malicious consequences, even after the vulnerability was successfully created on who knows how many computers. Someone created a hole and forgot to exploit it apparently :unsure:
 
509322

> Someone created a hole and forgot to exploit it apparently :unsure:

  1. The Domain generation algorithm was botched
  2. The C2s weren't fully operational

So the embedded malware was there, but didn't do anything since other parts upon which it was dependent were broken or nonoperational. The backdoor was "Dead on Arrival."

And even then the malicious potential was present only for 32-bit installs.

New details released. The initial reports were incorrect.
 

BoraMurdar

>   1. The Domain generation algorithm was botched
>   2. The C2s weren't fully operational
>
> So the embedded malware was there, but didn't do anything since other parts upon which it was dependent were broken or nonoperational. The backdoor was "Dead on Arrival."
>
> And even then the malicious potential existed only for 32-bit installs.

Luckily for many
Use the slim version, without the toolbar
http://www.piriform.com/ccleaner/download/slim/downloadfile
 
509322

> Luckily for many

It is curious when you compare the reaction to the compromised CCleaner to that of the recent Eternal Blue\Double Pulsar exploits.

People were freaking out for months over EB\DB - with an incredible amount of utter nonsense on the forums and web.

Compromised CCleaner had\has the potential to be 100X worse than EB\DB. The number of compromised systems could have turned out to be a staggering number. It is right up there as a worst-case scenario. However, compared to EB\DB, "CCleaner Crisis" is generating only a fraction of the user concern.

This only proves that even advanced users do not fundamentally understand security risks. "Advanced" user does not necessarily mean knowledgeable user.

Typical users and forum members don't bother to actually read articles, reports or forum threads in their entirety. However, they are great at looking at pictures, looking at graphs, and reading only the sensational headlines - and drawing conclusions based only on those 3 entirely inadequate bits of info.

And before anyone gets bent out of shape, my observation is just what it is - an observation - and nothing more. Nothing intended other than pointing out that if one does not bother to research and read, then one is apt not to understand the real issues affecting their digital security.
 

BoraMurdar

> Compromised CCleaner had\has the potential to be 100X worse than EB\DB. The number of compromised systems could have turned out to be a staggering number. It is right up there as a worst-case scenario. However, compared to EB\DB, "CCleaner Crisis" is generating only a fraction of the user concern.

I agree, but it's still early to do statistics. People usually freak out after the smoke clears...
 
509322

> I agree, but it's still early to do statistics. People usually freak out after the smoke clears...

Perhaps, but from my general observation this one is flying right over their heads. Sort of like that "Deer in the headlights" look after they say "Wow? or Huh?..."

deer-in-headlights.jpg


"CCleaner embedded?"
 
509322

It's enough to once discover a hole, later it's hard to believe them.

Avast and Piriform both fully comprehend what this compromise can do to them and what is required of them to resolve the matter.

What's to say that Wise Cleaner, Glary, IOBit or any other software publisher's system will not be compromised and their product tampered with in a similar manner?

What is clearly demonstrated in this instance is that the blind trust in digital certificates can be leveraged against the industry and users.

Will this incident change the industry? No, it will not. Why? In a word, money.
 