

CCleaner contained malware for one month


Matthew_:
 >:(
I trusted it and stuck with it, but I just want to say WTF to the developer NOW.
 :down:

Deozaan:
Looks like simply installing the new version isn't enough to wipe out the malware.

The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence. That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload.

[...]

From September 12 to September 16, the highly advanced second stage was reserved for computers inside 20 companies or Web properties, including Cisco, Microsoft, Gmail, VMware, Akamai, Sony, and Samsung. The 20 computers that installed the payload were from eight of those targeted organizations, Avast said, without identifying which ones. Again, because the data covers only a small fraction of the time the backdoor was active, both Avast and Talos believe the true number of targets and victims was much bigger.

[...]

Now that it's known the CCleaner backdoor actively installed a payload that went undetected for more than a month, Williams renewed his advice that people who installed CCleaner version 5.3 reformat their hard drives. He said simply removing the stage-one infection is insufficient given the proof now available that the second stage can survive and remain stealthy.
-https://arstechnica.com/information-technology/2017/09/ccleaner-malware-outbreak-is-much-worse-than-it-first-appeared/
--- End quote ---

Read more details here:

https://arstechnica.com/information-technology/2017/09/ccleaner-malware-outbreak-is-much-worse-than-it-first-appeared/

4wd:
OK, this is getting annoying, CCleaner 5.35.0.6210 is persisting in its attempts to access the internet:

Whois lookup for: 151.101.80.64
#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=151.101.80.64?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange:       151.101.0.0 - 151.101.255.255
CIDR:           151.101.0.0/16
NetName:        SKYCA-3
NetHandle:      NET-151-101-0-0-1
Parent:         RIPE-ERX-151 (NET-151-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       
Organization:   Fastly (SKYCA-3)
RegDate:        2016-02-01
Updated:        2016-02-01
Ref:            https://whois.arin.net/rest/net/NET-151-101-0-0-1

OrgName:        Fastly
OrgId:          SKYCA-3
Address:        PO Box 78266
City:           San Francisco
StateProv:      CA
PostalCode:     94107
Country:        US
RegDate:        2011-09-16
Updated:        2017-03-30
Ref:            https://whois.arin.net/rest/org/SKYCA-3

Considering the previous versions never attempted to do it when the relevant option was turned off now makes this program suspect AFAIAC.
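The whois record above shows the destination belongs to Fastly, a CDN. The following script is an added example, not part of 4wd's post or of CCleaner: it parses ARIN-style whois output, converts the CIDR or NetRange into network objects, and annotates outbound-connection log lines with the owning organisation so that repeated connection attempts like the one described can be triaged from logs rather than one pop-up at a time. The log format and the `CCleaner64.exe`/`CCleaner.exe` lines are constructed for illustration; the whois text is the one posted, trimmed to the fields used.

```python
import ipaddress
import re

# ARIN whois record for 151.101.80.64, copied from the post above (trimmed to the
# fields this script uses).
WHOIS_151_101 = """\
NetRange:       151.101.0.0 - 151.101.255.255
CIDR:           151.101.0.0/16
NetName:        SKYCA-3
NetType:        Direct Assignment
Organization:   Fastly (SKYCA-3)
OrgName:        Fastly
Country:        US
"""

# Constructed outbound-connection log lines in a hypothetical firewall log format;
# these are not real CCleaner traffic captures.
SAMPLE_LOG = """\
2017-09-22 07:57:01 ALLOW CCleaner64.exe 192.168.1.10:51234 -> 151.101.80.64:443
2017-09-22 07:57:05 BLOCK CCleaner64.exe 192.168.1.10:51240 -> 151.101.80.64:443
2017-09-22 08:01:13 ALLOW CCleaner.exe 192.168.1.10:51301 -> 192.168.1.1:53
"""

FIELD_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")
LOG_RE = re.compile(r"^(\S+ \S+) (ALLOW|BLOCK) (\S+) (\S+):\d+ -> (\S+):(\d+)$")


def parse_whois(text):
    """Turn 'Key:   value' lines of ARIN-style whois output into a dict.

    Comment lines (starting with '#') and blank lines are skipped; a key that
    appears twice keeps its last value.
    """
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def whois_networks(fields):
    """Return the ip_network objects a record covers.

    ARIN prints CIDR as a comma-separated list; if it is absent, the NetRange
    'lo - hi' pair is summarised into CIDR blocks instead.
    """
    if fields.get("CIDR"):
        return [ipaddress.ip_network(c.strip()) for c in fields["CIDR"].split(",")]
    lo, hi = (s.strip() for s in fields["NetRange"].split("-"))
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(lo), ipaddress.ip_address(hi)))


def triage(log_text, whois_texts):
    """Annotate each connection line with the whois owner of its destination.

    Returns one dict per parsed line; 'owner' is the OrgName of the first whois
    record whose network contains the destination, or 'unknown'.
    """
    records = []
    for text in whois_texts:
        fields = parse_whois(text)
        records.append((whois_networks(fields), fields.get("OrgName", "?")))

    results = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ts, action, proc, _src, dst, port = m.groups()
        dst_ip = ipaddress.ip_address(dst)
        owner = "unknown"
        for nets, org in records:
            if any(dst_ip in n for n in nets):
                owner = org
                break
        results.append({
            "time": ts,
            "action": action,
            "process": proc,
            "dst": dst,
            "port": int(port),
            "owner": owner,
            "private": dst_ip.is_private,
        })
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, [WHOIS_151_101]):
        print(f'{row["time"]} {row["action"]:5} {row["process"]:15} '
              f'{row["dst"]}:{row["port"]} owner={row["owner"]} private={row["private"]}')
```

One caveat the output makes visible: an owner of "Fastly" identifies a shared CDN, not the site behind it, so whois alone cannot say which hostname the program was contacting. To answer the question of whether this is the update check or something else, the DNS query or TLS SNI for that connection, which most firewall or proxy logs also record, is the field to correlate with the destination IP.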

IainB:
OK, this is getting annoying, CCleaner 5.35.0.6210 is persisting in its attempts to access the internet:
...
...Considering the previous versions never attempted to do it when the relevant option was turned off now makes this program suspect AFAIAC.
___________________________
-4wd (September 22, 2017, 07:57 AM)
--- End quote ---
I used Windows Firewall Control to block it - "Head it off at the pass"...

4wd:
OK, this is getting annoying, CCleaner 5.35.0.6210 is persisting in its attempts to access the internet:
...
...Considering the previous versions never attempted to do it when the relevant option was turned off now makes this program suspect AFAIAC.
___________________________
-4wd (September 22, 2017, 07:57 AM)
--- End quote ---
I used Windows Firewall Control to block it - "Head it off at the pass"...
-IainB (September 22, 2017, 08:41 AM)
--- End quote ---

I'd rather know the cause of the problem than hide the problem.

i.e., is this still a symptom of the infection, or have the programmers screwed up?

It becomes more interesting when the 32-bit version isn't asking for internet access.
