Forum Discussion

Amanda
Moderator
8 years ago

PSA for CCleaner users!!

Hackers Hid Backdoor In CCleaner Security App With 2 Billion Downloads -- 2.3 Million Infected

Read more:

https://www.forbes.com/sites/thomasbrewster/2017/09/18/ccleaner-cybersecurity-app-infected-with-backdoor/#75e1c55d316a

 

 

Tom's Hardware article link (less "junky"): http://www.tomshardware.com/news/avast-unknowingly-bundled-malware-ccleaner,35477.html ---Thanks C0RR0SIVE

Just uninstalled it from my phone, I used it as a quick way to uninstall apps and clear cache. Uninstalling from my PC as soon as I get home today!

~Amanda

  • BirdDog
    Assistant Professor

    Thanks Amanda! Luckily I didn't have the infected versions installed, hadn't updated it in a while.

    • Amanda
      Moderator

      I used this for a very long time because I thought it was easier to just have a tool do for me what I could do in a few different built-in accessories for Windows. I'd rather do it all by hand than keep something I know might be compromised again, especially with the threat of keyloggers and whatnot.

      • MarkJFine
        Professor

        Wow... Good to know.

        Things like this are the single reason why I've avoided the temptation to use things like password utilities (like 1password) and such. That, and cloud-based things that make apps hand-off friendly.

        All nice ideas, but as we know, that road is always paved with good intentions and someone's always out there looking for an exploit.

  • GabeU
    Distinguished Professor IV

    Wow! I got really nervous as I have CCleaner on all three of my machines, and they all had version 5.33, as well. It wasn't until I read that it was only concerning the 32-bit versions that I felt a little relief. Still, I've made sure to have all of my AV/AM software, including Malwarebytes, up to date and have completed scans. I also downloaded and ran deep scans with both the Malicious Software Removal Tool and the Safety Scanner from Microsoft (not that they would really pick it up, anyway).

    Just last month I was reading complaints and speculations on another board about CCleaner now being owned by Avast and how things may change. This doesn't bode well.

    • MarkJFine
      Professor

      Doesn't bode well for Avast, nor Symantec, whose certificates were compromised.

      • MarkJFine
        Professor

        Marked decrease in spam in the last 12 hours. Amazing how that works...

        All of a sudden all of the open relays get shut down after a mass security panic.

        You'd think they'd be doing regular checks.

    • C0RR0SIVE
      Associate Professor

      This is a pretty old topic now... No, this isn't what you get with some free software, there are tons of products out there that are free (and in some cases can be purchased for more features) that work amazingly well... Sometimes a bad egg hatches and the good software dies off for good, other times someone makes a bad decision then notices it backfire.

      Good Stuff that has stayed decent over time:
      Malwarebytes
      CCleaner (Just a small hiccup...)
      HiJackThis
      ATTO
      Skype
      TeamViewer
      HWMonitor
      CPU-Z
      3dMark
      DropBox

      Things that went to absolute crap!
      Anything owned by Lavasoft
      Anything owned by Lavalys
      Photobucket
      SpyBot S&D (not sure what happened to them, Malwarebytes just kicked their **bleep**)



      Photobucket was a funny one... Consumer backlash was rather massive on Twitter, Facebook, and everywhere else that they had a Social PR presence, it got to the point that it seems Photobucket killed PR entirely and stuck to their guns going from a free offering to a $50 offering, that suddenly was only available on a $400 offering. The idiots never learned and Photobucket is nearly dead now. Ranked very highly on Alexa (Top 100), they are now at almost 3000, and falling rapidly.

      • GabeU
        Distinguished Professor IV

        C0RR0SIVE wrote:

        Things that went to absolute crap!
        Anything owned by Lavasoft
        Anything owned by Lavalys
        Photobucket
        SpyBot S&D (not sure what happened to them, Malwarebytes just kicked their **bleep**)

        Photobucket was a funny one... Consumer backlash was rather massive on Twitter, Facebook, and everywhere else that they had a Social PR presence, it got to the point that it seems Photobucket killed PR entirely and stuck to their guns going from a free offering to a $50 offering, that suddenly was only available on a $400 offering. The idiots never learned and Photobucket is nearly dead now. Ranked very highly on Alexa (Top 100), they are now at almost 3000, and falling rapidly.


        I used to use Adaware and Spybot S&D years ago. At the time they were the best free programs/apps for adware and spyware. It's interesting how things change like that over time.

        Photobucket: They're getting exactly what they deserve, the jerks. To throw so many people out into the cold like that, and so suddenly? SMH.