CCleaner Backdoor Hack Discovered - Millions Affected


Old 09-18-17, 02:21 PM
  #1  
DVD Talk Legend
Thread Starter
 
kenbuzz's Avatar
 
Join Date: Jun 2000
Location: Bloomington, IN
Posts: 21,883
Received 136 Likes on 97 Posts
CCleaner Backdoor Hack Discovered - Millions Affected

Linky: https://www.forbes.com/sites/thomasb.../#34d019fc316a

tl;dr: If you are a user of CCleaner, go update it to the latest version (5.34) as the 5.33 version was illegally modified before it was released to the public. Ditto for CCleaner Cloud v1.07.

Hackers Hid Backdoor In CCleaner Security App With 2 Billion Downloads
Forbes
Sep 18, 2017 @ 05:00 AM

Users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool. The tainted application allows for download of further malware, be it ransomware or keyloggers, with fears millions are affected.

The affected app, CCleaner, is a maintenance and file clean-up software run by a subsidiary of anti-virus giant Avast. It has 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe, researchers at Cisco Talos warned. Comparing it to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected, the researchers discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.

Further investigation found the CCleaner download server was hosting the backdoored app as far back as September 11. Talos warned in a blog Monday that the affected version was released on August 15, but on September 12 an untainted version 5.34 was released. For weeks then, the malware was spreading inside supposedly-legitimate security software. If CCleaner's claims on user numbers, millions are likely affected.



The malware would send encrypted information about the infected computer - the name of the computer, installed software and running processes - back to the hackers' server. The hackers also used what's known as a domain generation algorithm (DGA); whenever the crooks' server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.

CCleaner's owner, Avast-owned Piriform, has sought to ease concerns. Paul Yung, vice president of product at Piriform, wrote in a post Monday: "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.


"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.

"Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm."

Not all are convinced by the claims of Piriform, acquired by Avast in July. "I have a feeling they are downplaying it indeed," said Martijn Grooten, editor of security publication Virus Bulletin. Of the Piriform claim it had no evidence of much wrongdoing by the hacker, Grooten added: "As I read the Cisco blog, there was a backdoor that could have been used for other purposes.

"This is pretty severe. Of course, it may be that they really only stole ... 'non-sensitive data' ... but it could be useful in follow-up targeted attacks against specific users."

In its blog, Talos' researchers concluded: "This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates."
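An added example, not part of the original post or the quoted article: triaging a software-inventory export for the two builds named in the Piriform statement above (CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191). The CSV column names, host names and sample rows are constructed for illustration; a version reported without its build number (for example "5.33") is marked for manual checking rather than cleared.

```python
import csv
import io

# Builds named in the Piriform statement quoted in the post above.
AFFECTED = {
    "ccleaner": (5, 33, 6162),
    "ccleaner cloud": (1, 7, 3191),
}

def parse_version(text):
    """'v5.33.6162' -> (5, 33, 6162); '1.07' -> (1, 7); None if unparsable."""
    parts = text.strip().lstrip("vV").split(".")
    try:
        return tuple(int(p) for p in parts if p != "")
    except ValueError:
        return None

def classify(product, version_text):
    """Return 'affected', 'check-build', 'not-listed', 'unknown' or 'not-tracked'."""
    bad = AFFECTED.get(product.strip().lower())
    if bad is None:
        return "not-tracked"          # some other product
    ver = parse_version(version_text)
    if not ver:
        return "unknown"              # empty or malformed version string
    n = min(len(ver), 2)
    if ver[:n] != bad[:n]:
        return "not-listed"           # different major.minor than the named build
    # Same major.minor: only an exact build match is confirmed; anything
    # else (build missing, or reported in another layout) needs a manual look.
    return "affected" if ver[:3] == bad else "check-build"

def triage(csv_text):
    """Return (host, verdict) for every row that needs attention."""
    rows = csv.DictReader(io.StringIO(csv_text.strip()))
    verdicts = ((r["host"], classify(r["product"], r["version"])) for r in rows)
    return [(h, v) for h, v in verdicts if v in ("affected", "check-build", "unknown")]

# Constructed sample inventory export (hypothetical hosts and columns).
SAMPLE = """
host,product,version
pc-01,CCleaner,5.33.6162
pc-02,CCleaner,5.22
pc-03,CCleaner Cloud,1.07.3191
pc-04,CCleaner,v5.33
pc-05,7-Zip,16.04
pc-06,CCleaner,5.34
"""

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE):
        print(host, verdict)
```
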
Old 09-18-17, 02:58 PM
  #2  
DVD Talk Hero
 
Nick Danger's Avatar
 
Join Date: Mar 2001
Location: Albuquerque
Posts: 26,552
Received 538 Likes on 360 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Thanks for posting. A few weeks ago, I downloaded and ran CCleaner for the first time in years. Of course I got the compromised version.
Old 09-18-17, 03:06 PM
  #3  
Moderator
 
Groucho's Avatar
 
Join Date: Mar 2000
Location: Salt Lake City, Utah
Posts: 71,383
Received 117 Likes on 79 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Wow. I used to run CCleaner all the time when I had a Windows box, but that was long before the compromise.
Old 09-18-17, 03:53 PM
  #4  
DVD Talk Hero
 
Josh-da-man's Avatar
 
Join Date: Sep 2000
Location: The Bible Belt
Posts: 36,721
Received 863 Likes on 628 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Big black eye for Avast!
Old 09-18-17, 04:07 PM
  #5  
DVD Talk Legend
 
AGuyNamedMike's Avatar
 
Join Date: Jul 2000
Location: (formerly known as Inglenook Hampendick) Fairbanks, Alaska!
Posts: 16,162
Received 191 Likes on 137 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Checked Spiceworks and only one machine had the offending version. Whew!
Old 09-18-17, 06:10 PM
  #6  
DVD Talk Limited Edition
 
Join Date: Oct 2003
Posts: 5,856
Received 310 Likes on 241 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

No one is safe! Glad this was discovered (relatively) soon -- only one month delay between being compromised and being fixed.

CCleaner is actually one of the most useful applications one can run "once in a while" as it gets rid of lots of crap. But, if you're using a RAMDRIVE for temporary files, cookies, browser cache, etc., you're in much better shape.
Old 09-18-17, 07:04 PM
  #7  
DVD Talk Hero
 
Nick Danger's Avatar
 
Join Date: Mar 2001
Location: Albuquerque
Posts: 26,552
Received 538 Likes on 360 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

I just wanted to clean out my cookies. CCleaner gives me the ability to save the cookies I want, and deletes the rest.
Old 09-18-17, 11:21 PM
  #8  
DVD Talk Platinum Edition
 
rbrown498's Avatar
 
Join Date: Feb 2010
Posts: 3,055
Received 109 Likes on 80 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

I just checked, and I'm still running v5.22. I'm assuming that makes me safe?
Old 09-19-17, 01:21 AM
  #9  
DVD Talk Limited Edition
 
Join Date: Mar 1999
Location: St Louis, MO
Posts: 7,249
Received 100 Likes on 74 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

The article I read said only the 32-bit version was affected. Has that been changed?
Old 09-19-17, 06:42 AM
  #10  
kd5
DVD Talk Legend
 
kd5's Avatar
 
Join Date: May 2010
Location: Ohio, USA
Posts: 11,102
Received 118 Likes on 86 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Originally Posted by kefrank View Post
The article I read said only the 32-bit version was affected. Has that been changed?
I didn't see where the Forbes article, or the Reuters article I linked to in Tech Talk specified 32 or 64-bit versions, only that v5.33.6162 was the offending version of CCleaner.
Old 09-19-17, 09:13 AM
  #11  
DVD Talk Gold Edition
 
Join Date: Sep 1999
Location: Earth
Posts: 2,049
Likes: 0
Received 0 Likes on 0 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Original article with technical details about the hack:
CCleanup: A Vast Number of Machines at Risk

Apparently only the 32 bit version was affected. I installed Immunet as suggested by one of the authors and it detected and removed the offending file from my system. It left the 64 bit version alone.
Old 09-19-17, 11:44 AM
  #12  
DVD Talk Hero
 
Nick Danger's Avatar
 
Join Date: Mar 2001
Location: Albuquerque
Posts: 26,552
Received 538 Likes on 360 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Originally Posted by GMan2819 View Post
Original article with technical details about the hack:
CCleanup: A Vast Number of Machines at Risk

Apparently only the 32 bit version was affected. I installed Immunet as suggested by one of the authors and it detected and removed the offending file from my system. It left the 64 bit version alone.
I ran Immunet, and it didn't report anything. I was suspicious and ran MalwareBytes, which found the virus.
Old 09-19-17, 12:36 PM
  #13  
DVD Talk Special Edition
 
Join Date: Dec 2005
Location: Macon, Ga
Posts: 1,717
Likes: 0
Received 4 Likes on 2 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

It's apparently been a while since I updated mine; I still have version 4.11.
Old 09-19-17, 02:00 PM
  #14  
DVD Talk Legend
 
AGuyNamedMike's Avatar
 
Join Date: Jul 2000
Location: (formerly known as Inglenook Hampendick) Fairbanks, Alaska!
Posts: 16,162
Received 191 Likes on 137 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Originally Posted by Nick Danger View Post
I ran Immunet, and it didn't report anything. I was suspicious and ran MalwareBytes, which found the virus.
On the one machine with v5.33 I did too. Ran TDSSKiller, Malwarebytes, Superantispyware, and SEP, and Malwarebytes found and cleaned the bad guy.
Old 09-19-17, 02:19 PM
  #15  
DVD Talk Limited Edition
 
Rival11's Avatar
 
Join Date: Feb 2004
Location: Western N.Y.
Posts: 6,211
Received 42 Likes on 24 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Crazy, not one mention of this on Piriform's website.
Old 09-19-17, 08:28 PM
  #16  
DVD Talk Limited Edition
 
Join Date: Oct 2003
Posts: 5,856
Received 310 Likes on 241 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Originally Posted by Rival11 View Post
Crazy, not one mention of this on Piriform's website.
Really? Are they that desperate to save face, cover it up, and make their customers think "no news is good news?"

I'd hope they'd be going out of their way to make sure it is properly reported on their site, followed of course by the direct-download link to update to the latest (fixed) version.
Old 09-20-17, 06:56 PM
  #17  
DVD Talk Legend
 
AGuyNamedMike's Avatar
 
Join Date: Jul 2000
Location: (formerly known as Inglenook Hampendick) Fairbanks, Alaska!
Posts: 16,162
Received 191 Likes on 137 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Originally Posted by Rival11 View Post
Crazy, not one mention of this on Piriform's website.
Well, there's this.
Old 09-20-17, 10:01 PM
  #18  
DVD Talk Legend
 
Sonic's Avatar
 
Join Date: May 1999
Posts: 18,494
Received 61 Likes on 45 Posts
Re: CCleaner Backdoor Hack Discovered - Millions Affected

How to tell if you were infected:

http://www.majorgeeks.com/news/story...are_issue.html
Old 09-21-17, 07:33 AM
  #19  
JAA
DVD Talk Special Edition
 
Join Date: Apr 2001
Posts: 1,153
Received 1 Like on 1 Post
Re: CCleaner Backdoor Hack Discovered - Millions Affected

Thanks for that, Sonic.
