Is your CCleaner safe? New evidence suggests maybe not

    CCleaner is back in the headlines. After the initial report that the CCleaner installer included malware, Avast/Piriform/CCleaner claimed that installing the latest version of CCleaner — version 5.34 — would knock out the infection.

    Now Cisco’s Talos Group says that isn’t the case. For machines on some domains — samsung.com, vmware.com, cisco.com, linksys.com, and a couple dozen more — there’s a secondary infection that isn’t so easy to scrub.

    Martin Brinkmann at ghacks.net has a good overview.

    For those of us who have railed against registry cleaners for many years (“It’s like sweeping off a spot in a Target parking lot in Anacortes”), the brouhaha comes as a welcome vindication. Yes, I know CCleaner does more than registry cleaning. Mumble mumble.

    UPDATE: Catalin Cimpanu at Bleepingcomputer digs into the code. Signs point to this being the handiwork of Axiom, which has been linked to the “Chinese Intelligence Apparatus.”

    UPDATE: Avast confirms the Talos Group report.

    UPDATE: Kevin Beaumont (@GossiTheDog) has a scary conclusion:

    The CCleaner hack is the biggest single remote code execution attack possibly ever. They had huge amounts of access, it is incredible.

    They were directly behind firewalls at governments, banks, Fortune 500 etc and pulled it off for a month without any detection. Crazy.