Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,056 Location Upstate, NY Sep 18, 2017 #1
"Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago."
More at CCleaner Compromised to Distribute Malware for Almost a Month. Also see Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users and Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk.
Digerati Moderator, Hardware Expert, Microsoft MVP (Ret.) Staff member Joined Aug 28, 2012 Posts 4,908 Location Nebraska, USA Sep 18, 2017 #2
It is interesting that it apparently only affected the 32-bit versions. Also interesting is this issue occurred just after Piriform was obtained by a major security firm, Avast. At any rate, I am glad it was detected and a new clean version of CC has been released and can be downloaded from here.
axe0 Administrator, BSOD Academy Instructor, Security Analyst Staff member Joined May 21, 2015 Posts 3,307 Location Holland Sep 18, 2017 #3
To see if you're infected, go to HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner in the registry editor. If it contains a key called "Agomo" you're infected.
"Agomo key has the following values
MUID: randomly generated number identifying a particular system. Possibly also to be used as communication encryption key.
TCID: timer value used for checking whether to perform certain actions (communication, etc.)
NID: IP address of secondary CnC server"
Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
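The registry check from post #3, scripted as a read-only PowerShell lookup (an added example, not part of the original thread or of Piriform's notification). It assumes "Agomo" is a subkey under the path given in the post, takes the value names MUID, TCID and NID from the quoted notification, and looks in both the 32-bit and 64-bit registry views because 32-bit software on 64-bit Windows writes to the redirected view. The function name Test-AgomoKey is hypothetical.

```powershell
# Added example: read-only check for the "Agomo" registry key described in post #3.
# Parent path and value names (MUID, TCID, NID) come from that post; the function
# name and the assumption that Agomo is a subkey are this example's own.
function Test-AgomoKey {
    param(
        [string]$ParentPath = 'SOFTWARE\Piriform\CCleaner',
        [string]$KeyName    = 'Agomo'
    )
    # 32-bit programs on 64-bit Windows are redirected to a separate registry view,
    # so inspect both views rather than only the one regedit shows by default.
    $views = [Microsoft.Win32.RegistryView]::Registry32,
             [Microsoft.Win32.RegistryView]::Registry64
    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $base.OpenSubKey("$ParentPath\$KeyName")   # opens read-only
            $result = [ordered]@{
                View  = $view
                Path  = "HKLM\$ParentPath\$KeyName"
                Found = [bool]$key
            }
            # Record the values the notification lists; $null when absent.
            foreach ($name in 'MUID', 'TCID', 'NID') {
                $result[$name] = if ($key) { $key.GetValue($name) } else { $null }
            }
            if ($key) { $key.Dispose() }
            [pscustomobject]$result
        }
        finally { $base.Dispose() }
    }
}

$hits = @(Test-AgomoKey | Where-Object Found)
if ($hits.Count -gt 0) {
    $hits | Format-List
    Write-Warning 'Agomo key present: treat this machine as affected.'
} else {
    Write-Output 'Agomo key not found in either registry view.'
}
```

On a 32-bit Windows installation both views resolve to the same key, so a hit is reported twice.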
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,056 Location Upstate, NY Sep 18, 2017 #4
From the updated BC article:
"Article updated with link to Piriform blog post. Updated article for a second time with response from Avast CTO. An earlier version of this article referenced a tweet suggesting that other parts of the Avast network might be compromised. Avast investigated the issue and discovered that someone used its VPN service to send ransomware-laced spam."
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,056 Location Upstate, NY Sep 19, 2017 #5
For those interested, here's the report from Avast: Update to the CCleaner 5.33.6162 Security Incident.
Masterchiefxx17 Sysnative Staff Staff member Joined Mar 31, 2012 Posts 662 Location Wisconsin, USA Sep 23, 2017 #6
Digerati said: "It is interesting that it apparently only affected the 32-bit versions. Also interesting is this issue occurred just after Piriform was obtained by a major security firm, Avast. At any rate, I am glad it was detected and a new clean version of CC has been released and can be downloaded from here."
I'd assume this new clean version is safe to use again?
axe0 Administrator, BSOD Academy Instructor, Security Analyst Staff member Joined May 21, 2015 Posts 3,307 Location Holland Sep 23, 2017 #7
Yes, the new version has a new digital signature to make hacking more difficult.
jcgriff2 Co-Founder / Admin, BSOD Instructor/Expert, Microsoft MVP (Ret.) Staff member Joined Feb 19, 2012 Posts 21,541 Location New Jersey Shore Sep 24, 2017 #8
Does anyone believe this figure?
"About 30% of CCleaner users also run Avast security software"
Seems high.
Digerati Moderator, Hardware Expert, Microsoft MVP (Ret.) Staff member Joined Aug 28, 2012 Posts 4,908 Location Nebraska, USA Sep 24, 2017 #9
jcgriff2 said: "Does anyone believe this figure? 'About 30% of CCleaner users also run Avast security software' Seems high."
Yeah, I think that is total fiction or backwards. That is, they meant 30% of Avast users also run CCleaner.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,056 Location Upstate, NY Sep 24, 2017 #10
Digerati said: "30% of Avast users also run CCleaner."
That makes more sense.
Masterchiefxx17 Sysnative Staff Staff member Joined Mar 31, 2012 Posts 662 Location Wisconsin, USA Sep 24, 2017 #11
axe0 said: "Yes, the new version has a new digital signature to make hacking more difficult."
Good to know. A family member of mine loves the tool, but I had them remove it in the recent event. Now we wait for the news for Avast to announce that other Piriform tools were also hacked. :r1:
jcgriff2 Co-Founder / Admin, BSOD Instructor/Expert, Microsoft MVP (Ret.) Staff member Joined Feb 19, 2012 Posts 21,541 Location New Jersey Shore Sep 25, 2017 #12
Very good point.
Digerati Moderator, Hardware Expert, Microsoft MVP (Ret.) Staff member Joined Aug 28, 2012 Posts 4,908 Location Nebraska, USA Sep 25, 2017 #13
Well, since Avast made it a point to point out the hack was with CCleaner from before the acquisition (even though Avast issued the cert), I would hope a full audit of all the products was done by both sides. And since I view both Piriform and Avast as reputable and responsible companies, I am sure they did and have implemented procedures to prevent recurrence. Now whether those procedures work or not is another matter.
Node Member Joined Oct 5, 2017 Posts 18 Oct 5, 2017 #14
I suppose not updating things frequently has actually come in quite handy. :lol: