CCleaner contained malware for one month

exjoburger:
The way the malware was delivered on top of a legitimate software update is quite scary.

What next, malware with Windows Updates? Oh wait, Windows 10 updates... :-\

4wd:
It would be interesting to know that if they still distributed the Slim build of CCleaner, (the one without the PUP inclusion), whether this would have happened with it.

Stoic Joker:
It would be interesting to know that if they still distributed the Slim build of CCleaner, (the one without the PUP inclusion), whether this would have happened with it.
-4wd (September 19, 2017, 08:08 PM)
--- End quote ---

From what I've read, probably yes. This was a sophisticated supply chain hack (of Piriform and Avast servers) that repackaged the update with a valid digital signature. So unless the slim was a no install 'portable' version...it could have also easily been exploited.

rgdot:
Second payload!? ...how in the world can an 'updated' exe/new version be open to this  :(

https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/

Piriform was quick to state that users could resolve the issue by updating to the new malware-free version of CCleaner.

A new report suggests that this may not be enough.

Talos Group found evidence that the attack was more sophisticated, as it targeted a specific list of domains with a second payload.
--- End quote ---

4wd:
It would be interesting to know that if they still distributed the Slim build of CCleaner, (the one without the PUP inclusion), whether this would have happened with it.
-4wd (September 19, 2017, 08:08 PM)
--- End quote ---

From what I've read, probably yes. This was a sophisticated supply chain hack (of Piriform and Avast servers) that repackaged the update with a valid digital signature. So unless the slim was a no install 'portable' version...it could have also easily been exploited.
-Stoic Joker (September 20, 2017, 07:21 AM)
--- End quote ---

Interesting to note that the Slim build has reappeared on their downloads page ... it wasn't there two days ago when I downloaded the last version.

Also interestingly, ccleaner64.exe (v5.35) now wants access to the internet despite having the update check disabled, (and anything else that has to do with network access).

This didn't happen in previous versions and doesn't necessarily inspire confidence.
