OK- we all already know about CCleaner 5.33 which had a suspicious connection to a server farm in LA known to host malware from time to time. It is so easy to see these things after the fact, we wonder why we weren't the first to report the issue!
So let's look at the current CCleaner version 5.37.6309. After install we notice that CCUpdate will attempt to connect to servers in London as well as a server in Raleigh, North Carolina. However we may also notice that on first run we will get a request from CCleaner.exe to connect to a CloudFlare server (104.31.74.124) in San Francisco, which in the past a certain malicious file also connected to (among quite a few other servers): Antivirus scan for 3d257ff9638b9a5acc9b62a8aab7726351c6e45d3fb293ece5292c7a2e5d3015 at 2017-11-19 13:36:20 UTC - VirusTotal
Should we be concerned? Or am I just screwing with you as I've just had 3 glasses of wine?
(Note: my last work day prior to my annual Winter sabbatical. It's good being me...)
Fun Fact- Comodo has removed PiriForm from its Trusted vendors List. I really don't know if this matters; those that want CCleaner will allow it to run, and those that don't want CCleaner won't care if PiriForm is Trusted or not...