Corrine Posted September 18, 2017

Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. More at CCleaner Compromised to Distribute Malware for Almost a Month.

Also see Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users and Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk.

Pete! Posted September 18, 2017

Every time I download a new version, ESET flags the installation file for something, usually a PUP. This stops me from recommending it to newbies who don't already know about it.

zlim Posted September 18, 2017

I must have missed the fact that Avast bought Piriform in July of this year.

My biased opinion: if a company that sells an av program can't check to see that the downloads offered on a site it owns are clean, how trustworthy is the av program it offers?

Digerati Posted September 18, 2017

"My biased opinion: if a company that sells an av program can't check to see that the downloads offered on a site it owns are clean, how trustworthy is the av program it offers?"

The hairs on the back of my neck raised too. A mere month after Piriform was acquired by Avast (and new people gained access to the code), this compromise occurred?

crp Posted September 18, 2017

"My biased opinion: if a company that sells an av program can't check to see that the downloads offered on a site it owns are clean, how trustworthy is the av program it offers?"

"The hairs on the back of my neck raised too. A mere month after Piriform was acquired by Avast (and new people gained access to the code), this compromise occurred?"

Only thing I can think of is that this was an in-lab test file that got mistakenly posted to the wrong place.

Corrine (Author) Posted September 18, 2017

From the updated BC article:

"Article updated with link to Piriform blog post. Updated article for a second time with response from Avast CTO. An earlier version of this article referenced a tweet suggesting that other parts of the Avast network might be compromised. Avast investigated the issue and discovered that someone used its VPN service to send ransomware-laced spam."

Follow-up article on removal: CCleaner Malware Incident - What You Need to Know and How to Remove.

Note: CCleaner 5.34 will NOT remove the Agomo registry key used by the malware.

abarbarian Posted September 19, 2017

Thanks for the heads up. I have just done a fresh install of 7, so I'll have to check which version of CC I used.

Pete! Posted September 19, 2017

IMHO: The easiest way to see if you're infected is to read at the link Corrine posted....

https://www.bleeping...-how-to-remove/

... and then look in your registry to see if you have the Registry key located at HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo.

By the time I saw the post, I had already uninstalled the program, and purged my "Downloads" folder of all the CCleaner installation files. Turns out I have a Piriform key, but in a slightly different location (HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Piriform), and there's no "Agomo". I'm not sure if ESET removed/blocked it, if I never had it, or if uninstalling made it go away. Just about every time I got a new version ESET flagged it for a PUP, and more recently it removed something from memory every time I opened this version....

It's also possible that I had the 64 bit version.

Edited September 19, 2017 by Pete!

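An added example, not part of the original posts: a PowerShell check for the Agomo key described above. It reads both the 64-bit and the 32-bit registry view, because the affected build was 32-bit and, on 64-bit Windows, a 32-bit process's writes under HKLM\SOFTWARE are redirected to WOW6432Node. The function name Test-AgomoKey is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: look for the Piriform\Agomo key in both registry views.
# Assumption: PowerShell 3.0+ (.NET 4), which provides RegistryKey.OpenBaseKey.

function Test-AgomoKey {
    [CmdletBinding()]
    param(
        # Sub-key under HKEY_LOCAL_MACHINE, as given in the post above.
        [string]$SubKey = 'SOFTWARE\Piriform\Agomo'
    )

    # Registry32 maps to HKLM\SOFTWARE\WOW6432Node on 64-bit Windows.
    # On 32-bit Windows both views resolve to the same key.
    $views = [Microsoft.Win32.RegistryView]::Registry64,
             [Microsoft.Win32.RegistryView]::Registry32

    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            # OpenSubKey opens read-only and returns $null if the key is absent.
            $key = $base.OpenSubKey($SubKey)
            $valueNames = @()
            if ($key) {
                $valueNames = $key.GetValueNames()
                $key.Dispose()
            }
            [pscustomobject]@{
                View       = $view
                Path       = "HKLM\$SubKey"
                Present    = [bool]$key
                ValueNames = $valueNames -join ', '
            }
        }
        finally {
            $base.Dispose()
        }
    }
}

$results = Test-AgomoKey
$results | Format-Table -AutoSize

if ($results.Present -contains $true) {
    Write-Warning 'Piriform\Agomo key found in at least one registry view.'
} else {
    Write-Output 'Piriform\Agomo key not found in either registry view.'
}
```

The script only reads the registry; it changes nothing, and an absent key says nothing about whether the key was present earlier and has since been removed.
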
Corrine (Author) Posted September 19, 2017

For those interested, here's the report from Avast: Update to the CCleaner 5.33.6162 Security Incident.

V.T. Eric Layton Posted September 19, 2017

Hmm... since I don't have network access enabled in my Windows installation, I haven't updated CCleaner for about 6 months. Guess I don't have to worry about this.

It's sad that these irresponsible entities continue to allow breaches and such like this to happen. Security doesn't seem to be a priority quite as high as "making a buck" seems to be.

ebrke Posted September 21, 2017

Seems this isn't over yet: https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/