Avast's CCleaner Free Windows Application Infected With Malware (bleepingcomputer.com)
Reader Tinfoil writes: Cisco Talos announces that malware cleaning app, CCleaner, has been infected with malware for the past month. Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. The company said more than 2.27 million had downloaded the compromised version of CCleaner.
CCleaner wasn't malware all along?
It certainly seemed that way given how they advertised.
It seems that most anti-virus programs slow your machine down more than the malware that they purport to protect you from - and they're as damaging to your privacy too.
I'm not at all clear on what value they bring to the table.
Ian Ameline
... AVAST AntiVirus! Who would have guessed that a great tool like CCleaner would be messed up by Avast in no time at all.
To Terminate, or not to Terminate, that's the question - SCSIROB
Avast bought it. Always was a quick easy way to dump the garbage off your computer instead of 2-3 or more programs to do the same thing.
From the linked article: "The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems."
Someone capable of poisoning signed downloads (high complexity) should be able to select a functional payload (low complexity). I don't see any alternative explanation to the "ran on 32-bit systems" limitation other than incompetence. This doesn't add up.
Floxif is a malware downloader that gathers information about infected systems and sends it back to its C&C server. The malware also had the ability to download and run other binaries, but at the time of writing, there is no evidence that Floxif downloaded additional second-stage payloads on infected hosts.
The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems. The malware also quit execution if the user was not using an administrator account.
As a regular and longtime user/installer of CCleaner, including version 5.33, it's possible that I may be infected. I've not seen any symptoms nor has Malware Bytes/Comodo detected anything, but....
Can any of the current tools check if any of my PCs are/may be infected?
Cisco Talos announces that malware cleaning app...
Except it wasn't a malware cleaning app. Just a cleaning app. Maybe it happened to clean malware that got caught in the recycle bin, but that's about the extent of it. Of course, it ended up being a malware-infected cleaning app. Maybe that's what the OP meant??
ASCII tastes bad dude.
Binary it is then.
Shit happens. Don't sue us, mkay?
Sure. CCleaner version 5.34. Available from downloads.ru today!
Do not look into laser with remaining eye.
That would be a cool trick - identifying itself as malware and then deleting it.
... First, Web of Trust and now this.
It little behooves the best of us to comment on the rest of us.
is it infected too?
The other possibility is that Avast is actually just another Malware company. When you consider how bloated it has gotten and how many resources it consumes, I don't think it is that far-fetched.
https://news.ycombinator.com/i...
FFS, creimer, please go watch this video and take its advice to heart.
https://www.youtube.com/watch?...
"The only applications I use ARE Microsoft Defender and Malware Bytes."
For a "published" "writer", you sure do have problems constructing grammatically correct English sentences.
They tell everyone of the infection but don't provide hashes for the infected files and installers. Class act right there. Just get 5.34 which is totally okay, we promise.
For a "published" "writer", you sure do have problems constructing grammatically correct English sentences.
If I wrote perfect sentences, you would have nothing to bitch about on Slashdot.
The only applications that I use is Microsoft Defender and Malware Bytes. All the third-party applications for keeping WinXP running weren't needed in Vista/7/8/10.
cdreimer, that sounds like a really boring PC. At least install Excel so you can have some fun typing in numbers and making up formulas.
Not as exciting as cat videos, I know, but something. There's only so long I can watch Microsoft Defender before the magic starts to wear off.
No, the content of your sentences would still be unutterable shit, but at least they would be grammatically correct unutterable shit.
If you're going to shitpost, at least make it *difficult* to criticize your shitposts, you dumbfuck.
Time to download CCleaner version 5.32, the last Piriform version of CCleaner, before Avast bought it.
Putting this in my permanent archive. Will never upgrade from this version.
http://filehippo.com/download_ccleaner/download/45657838f7d7df4140118c21888ca61d/
Oh yes, I see, you are providing a valuable service to Slashdot. Furthermore, you are the only one providing anything to bitch about.
Creimer, it's amazing that no woman has just snapped you up. Between your muscular physique, your efficient metabolism that can somehow get bigger than 360 pounds on 1500 calories a day, and your humble personality, I'd marry you myself.
BTW, it *was* 1500 calories a *day*, not every meal, right?
You are not only supremely intelligent, cultured, refined and knowledgeable, but your biology is the next level of human evolution. Clearly your cells have mastered hydrogen fusion reactions.
There's only so long I can watch Microsoft Defender before the magic starts to wear off.
Microsoft Defender on my PCs kick off at 3:00AM in the morning. If you're having trouble sleeping that late at night, I suggest taking Nyquil.
What software detects it?
Windows Defender? Malwarebytes?
Those of us "in the know" only trust APK's hosts file generator to stay protected from malware.
Cruz/Palin 2020
A hosts file is a single blacklist. A problem with blacklisting is that you have to implicitly trust the creator of the blacklist (unless you're going to tell me you personally verified each individual entry in it?). You have to trust that they didn't miss anything that should have been included in the blacklist, which is hard to confirm. You also have to trust that their reasons for adding an entry are what they claim (remember the politically motivated entries in censorship software like NetNanny?). That's also hard to confirm.
In that particular case you have to decide for yourself whether APK seems like a calm, sane, reasonable, logical person to trust something as important as your security to. It's not like he's offering to write you a check paying for all the costs of any malware that does get through so yes this comes down to trust, and all you have to go on are his Slashdot posts.
The other problem with blacklists is they are always having to play catch-up. Malware sources are dynamic and change constantly. Any blacklist will always be behind this curve, even the best of them. As mentioned, it's a *single* blacklist. Good security is done in layers. That's one thing security experts all agree on. I wouldn't use any solution in isolation no matter how good it is. To insist otherwise is more like religious fervor, not based on research or real world experience.
Morons tend to be filled with vague, pointless and dumb thoughts, thanks for noticing that about yourself.
And of course, YOUR schedule must be the universal schedule.
As opposed to 3:00AM in the afternoon? Or 3:00AM in the evening? Like your many rolls of fat, your language is redundant.
What, just because he's not sleeping YOUR way, he's doing it wrong? Creimer you're such a wanker troll. Also, you're trying to kill him by giving him bad medical advice, which makes you a DOUBLE wanker troll, and fourteen years old to boot, probably with a ladyboy girlfriend!
Look no further than the Repulsive One's bio:
C.D. Reimer writes about the everyday reality that he finds weird, twisted and absurd for which most people accept as being perfectly normal. He lives and works in Silicon Valley, consoling hurt computers and fixing broken users.
A real howler! (I'll just ignore the humor in the "and works" part.) I also quite enjoyed his "longer than he is taller" in the repugnant and vile:
https://www.scribd.com/book/193804069/A-Misplaced-Stick-Short-Story
You can get a sense that the fat fraud doesn't give a fuck about the foul and abominable feces he retches up on the world:
"a tree possessed by something more angrier than a disturbed beehive"
Apparently this was because his uncle tried to copulate with a knothole with a beehive in it. This guy's family would make inbreds shake their heads.
Spyhunter is trialware until you try to remove it.
Penelope's a good choice but i don't think Michael is eligible.
Another bitter literary critic who failed to find publishing success.
See subject: It's easy using startup area enumerators like AutoRuns 1st & ProcessExplorer (additionally exposes libs called beneath services etc. in usermode which you rightclick on (use DLL View panel/subpanel) & 'freeze' (HLT instruction stream intercept) & delete it on disk - kill process, can't return).
Lastly vs. rootkits?
Windows bootup disks (CD/DVD whatever) have disable command vs. driver driven rootkits, & FDisk vs. bootsector originated ones...
APK
P.S.=> As to that last part? I use what the inventor of those 2 tools above calls "The best Windows, ever" & he was right - it lets me do all that, no bullshit, easy - it works... apk
You two should get a room.
And of course, YOUR schedule must be the universal schedule.
IIRC, Microsoft Defender runs as an automatic task at 3:00AM. Since that's default setting, I haven't changed it.
https://www.scribd.com/book/193804069/A-Misplaced-Stick-Short-Story
Scribd is still having issues with my ebooks. I have notified Smashwords to push out my catalog again. Thanks for bringing this to my attention.
PC: Greetings, Professor:
Professor: Hi.
PC: Strange this Windows OS. The only winning move is not to use it. How about a nice Linux distribution?
I love the cover image for "The Giggling Mongoose: Scarlet Hearts" -- the cover image reads, "The Giggling Mongoose: Scartlet Hearts" - he can't even fucking spell the titles of his books properly... do you really expect him to put any effort into the actual CONTENT?
I love the cover image for "The Giggling Mongoose: Scarlet Hearts" -- the cover image reads, "The Giggling Mongoose: Scartlet Hearts" - he can't even fucking spell the titles of his books properly... do you really expect him to put any effort into the actual CONTENT?
If only Photoshop had a spellchecker! Thanks for pointing that out. I'll have it fix tonight. The downside of being an indie author is that you're a one-person publishing house and mistakes happen all the time.
You two should get a room.
I doubt I could put up with the constant wanking. I find such lack of self-control disturbing.
With the other thread about iOS removing antivirus from the iOS store, I wonder if it will be published on iOS. Doubleplus Good.
I'll have it fix tonight.
Do the universe a favor and have yourself fixed. (Although you already seem to be using your personality as a contraceptive.)
You aren't writing "A Brief History of Time" here, feces-breath, you're writing stuff that wouldn't even pass in a high school English class. You just needed to copy-paste your vile ASCII vomit into Photoshop (a paid copy, one assumes?). Better yet, given your immense programming skill, why not just use a database of the titles of all your UNESCO heritage works and title your silly eructations automatically?
https://en.wikipedia.org/wiki/ImageMagick
You bed-wetting fungus.
See subject: Hosts are good for that & also threats you have inside already that try communicate back to C&C (if they use hostnames, most do) but the QUESTION WAS HOW TO DETECT & REMOVE EXISTING ALREADY INTERNAL/INSIDE THREATS - the tools I noted do it.
* I "get it" you're just another UNIDENTIFIABLE "ne'er-do-well" troll STOOGE, but that's not MY fault - it's yours...
(... & @ least I did something about these threats, how about YOU?)
APK
P.S.=> Period... apk
A vast issue for them
How do you find time to post to slash dot when you are busy sucking so much moose dick?
It is because you are taking in the ass right now by one instead.
You are worse than cdreimer.
He is at least entertaining, you are just sad.
First of all, I'm fairly certain it's made by Piriform, not Avast. Second, it absolutely, unequivocally makes your computer slower with its default options. I mean deleting thumbnail cache? That's idiotic! So in that sense it absolutely is malware and always has been. But hopefully they get absolutely destroyed in court and get jail time so they shut down. I cannot stand their products.
I doubt that you could fit in that room. Shiiiieeeeeeet(clay Davis voice) I doubt you could even find your dick hiding in all those fat rolls.
you sound bitter, sweet tits
is this not true of virus scanners as well? they're always playing catchup, and you must trust that they didn't miss anything that should have been included, or trust that they don't pwn your machine on purpose.
It's a good thing we stopped the affiliate link nonsense.
That's funny. I counted 50+ affiliate tags being used by ACs over the last few months. Most never got called out because they're ACs. Sounds like a double standard to me.
is this not true of virus scanners as well? they're always playing catchup, and you must trust that they didn't miss anything that should have been included, or trust that they don't pwn your machine on purpose.
Yes, which is why my systems use things like PaX/Grsecurity, SELinux, ACLs, capabilities, and userland is compiled with SSP canaries.
I'd rather prevent an intrusion than trust some virus scanner to perfectly remove one after the fact. It helps that I don't use Windows.
Tell me which page you find the first instance of an amzn.to affiliate link that isn't you: https://www.google.com/search?...
Tell me which page you find the first instance of an amzn.to affiliate link that isn't you:
https://www.google.com/search?...
Still fixated with creimer. Change your search criteria to amazon.com to find the other tags. Considering how often Amazon is mentioned on Slashdot, you might to write a Python script to scrape the results.
See subject: IF something in hosts files offends you (or blocks access to), you can easily edit out what you don't like using text editors...
* I wish you didn't HAVE to update it - I wouldn't have built APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ otherwise - so you DO stay current vs. the most current threats on the internet landscape.
APK
P.S.=> That is the TRUE BEAUTY of it, personal control (as well as kernelmode efficiency & speed in something that's proven for 44++ yrs. in hosts as part of the IP stack itself)... apk
See subject: YOU have to start a new FAKE NAME ACCOUNT (for your FAKE LIFE) named "BullShitWinkle", lol - you project it so much so I figured I'd give you a new name!
* RoTfLmAo...
APK
P.S.=> Rocky & Bullwinkle got NOTHING on you - you keep "going off" on mooses, I figure you are revisiting some "childhood trauma" over some incident w/ a moose, hence BullWinkle, lol... apk
APK offers moose dick
And bullshit
See subject & my thoughts on what YOU need to do (lmao) https://it.slashdot.org/comments.pl?sid=11129871&cid=55221247/
APK
P.S.=> You keep projecting your issues w/ mooses, & Bullwinkle's a moose so, there ya go (lol)... apk
APK is rolling around in moose dick on the floor laughing while his ass gets filled
APK has real problems but just loves the moose dick too much to ever give it up even with all the trauma to internal organs it has caused him
Changing search criteria to amazon.com returns all results about Amazon.com stories on slashdot. So what page of the results is another person's amazon affiliate link? Just tell me.
that I don't update my software.
I installed CC Cleaner on my phone a couple of years ago. It couldn't do anything beyond what one can already do with the tools shipped with Android. And, as a bonus, it would interrupt you whenever it saw fit, and it used lots of CPU and battery to boot. This thing has been nothing but malware from day one.
This post is sorely lacking tons of information, and the few facts that are in it are wrong.
CCleaner is NOT a malware cleaning app. It's a registry and regular file cleaner software.
Furthermore, let's dig into the case:
- This ONLY affects the 32-bit version of CCleaner and CCleaner Cloud, which accounts for some 3% of Piriform users. If you are using the 64-bit version, you are probably safe. From Piriform’s website: “This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected.”;
- From Piriform’s assessment, here’s the actual danger: “The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done.”
- The investigation is still ongoing, but Piriform is saying that the issue has been solved, that no harm was done, and it seems that it didn’t originate from official CCleaner/Piriform sources. Which is to say, it could be embedded code that was inserted on 3rd party download websites. There is further explanation in Talos' post on how it was a sophisticated attack because whoever did it managed to put up a valid cert on the infected version of CCleaner though, so there should be more information coming out as the investigation proceeds.
If you wanna dig more into the whole thing, here's Piriform's official statement:
https://www.piriform.com/news/...
And here's Talos security assessment of the case:
http://blog.talosintelligence....
Changing search criteria to amazon.com returns all results about Amazon.com stories on slashdot. So what page of the results is another person's amazon affiliate link? Just tell me.
Nope. Go write a Python script, pull in all the search results, find every Amazon url, search for every '&tag=' and print out a list of tags. How hard can it be?
APK's thoughts are always on moose dick
He is always trying to figure out how to get more of it
He did try getting 2 in his ass once but he was hospitalized for a couple of weeks
slash dot was a nicer place for those few short weeks
I am looking forward to my exit in supporting other people's Windows boxen. I cannot *wait* until I can say, with a big fat grin on my face, "Sorry, I don't do Windows support anymore", or better yet, "Sorry, I've literally *never* used Windows 11" (or whatever stupid Windows name they call it by then).
I'm getting goosebumps just thinking about it. Oh, happy days await me. =}
It is pitch black. You are likely to be eaten by a grue.
Why would I do that? Google seems to think that cdreimer/creimer are the only accounts that do this on Slashdot. He claimed he has seen other people do it all the time (50+ times over last few months from just what he has seen himself). I think he's a liar. I am not saying people never use them, but he is by FAR the most frequent user. Enough so that other people's posts don't show up in the first 20 pages of google search results.
Enough so that other people's posts don't show up in the first 20 pages of google search results.
You're looking for amzn.com, which creimer used extensively as a calling card. If you want to find all the ACs using affiliate links, you need to filter out the tag-specific amazon.com URLs from the noise. How else do you think the ACs are getting away with it?
Since the Slashdot web page loads the OneLink JavaScript, which only works with the full URL and not the URL shortener, expect more Amazon links to pop up.
The real question is why are you running 32-bit software in this day and age?
Because that's the only version that was affected, i.e. the 64-bit version is apparently OK.
There is a more technical breakdown of the malware from the folks at Talos that discovered it. According to them ClamAV has a signature to detect the altered installers. Also it looks like Malwarebytes has the signature too so if that is what you are using get the updated signature files and run a scan.
Otherwise look for outbound traffic attempting to go to 216.126.225.148, that is the hardcoded C2 server the malware uses.
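A defender-side triage script for the two checks this thread spells out (the affected 32-bit builds named in Piriform's statement and the hard-coded C2 address from the Talos write-up). This is an added example, not code from Talos, Piriform or Avast; the key=value log layout, the inventory records and the "5.32" sample version are constructed for the example.

```python
"""Triage helper for the trojanised CCleaner 5.33 (Floxif) builds.
Added example, not code from Talos, Piriform or Avast; sample data is constructed."""
import ipaddress
import re
from typing import Iterable

# Indicators quoted in the thread: the affected 32-bit builds and the hard-coded C2.
AFFECTED_BUILDS = {
    ("CCleaner", "5.33.6162", "x86"),
    ("CCleaner Cloud", "1.07.3191", "x86"),
}
C2_ADDRESS = ipaddress.ip_address("216.126.225.148")

# Assumed key=value log layout (constructed for this example):
# 2017-09-10T03:12:44Z host=ws07 src=10.0.0.12 dst=216.126.225.148 dport=443 action=allow
_KV_RE = re.compile(r"(\w+)=(\S+)")


def is_affected_install(product: str, version: str, arch: str) -> bool:
    """True only for the builds Piriform named; 64-bit and other versions are not."""
    return (product.strip(), version.strip(), arch.lower()) in AFFECTED_BUILDS


def parse_log_line(line: str) -> dict:
    """Split a key=value line into a dict, keeping the leading timestamp as 'ts'."""
    fields = dict(_KV_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def find_c2_connections(lines: Iterable[str]) -> list:
    """Return (ts, host, dport) for every flow to the C2 address.
    Lines with no parsable dst are skipped so a noisy log does not abort the scan."""
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        try:
            dst = ipaddress.ip_address(rec.get("dst", ""))
        except ValueError:
            continue
        if dst == C2_ADDRESS:
            hits.append((rec["ts"], rec.get("host", "?"), rec.get("dport", "?")))
    return hits


def triage(inventory: Iterable[dict], log_lines: Iterable[str]) -> dict:
    """Cross-reference affected installs with observed beacons.
    A host in both sets most likely ran the implant. The thread says it exited on
    non-admin accounts, so an affected install with no beacon still deserves a scan."""
    affected = {h["host"] for h in inventory
                if is_affected_install(h["product"], h["version"], h["arch"])}
    beaconed = {host for _, host, _ in find_c2_connections(log_lines)}
    return {"affected_install": sorted(affected),
            "beaconed": sorted(beaconed),
            "both": sorted(affected & beaconed)}


# Constructed sample data; "5.32" stands in for the pre-Avast build the thread mentions.
SAMPLE_INVENTORY = [
    {"host": "ws07", "product": "CCleaner", "version": "5.33.6162", "arch": "x86"},
    {"host": "ws08", "product": "CCleaner", "version": "5.33.6162", "arch": "x64"},
    {"host": "ws09", "product": "CCleaner", "version": "5.32", "arch": "x86"},
]
SAMPLE_LOG = [
    "2017-09-10T03:12:44Z host=ws07 src=10.0.0.12 dst=216.126.225.148 dport=443 action=allow",
    "2017-09-10T03:13:01Z host=ws09 src=10.0.0.14 dst=192.0.2.10 dport=80 action=allow",
    "garbage line with no fields",
    "2017-09-11T22:05:17Z host=ws12 src=10.0.0.40 dst=216.126.225.148 dport=80 action=deny",
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY, SAMPLE_LOG))
```

A host that beacons but is missing from the inventory (ws12 in the sample) is the case worth chasing first, since it shows the inventory is incomplete rather than the host being clean.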
Of all tyrannies, a tyranny sincerely exercised for the (supposed) good of its victims may be the most oppressive
If only Photoshop had a spellchecker!
Yeah, if only.
It's a good thing mammals have an automatic breathing reflex, one wonders how you'd manage otherwise.
" you might to write a Python script"
creimer-like grammar detected. Come on, Chris, if you're going to impersonate ACs, try to put some effort into it.
"I doubt I could put up with the constant wanking."
Hilarious from a guy who hasn't had an erection since the first Clinton administration. Or much use for one.
"I find such lack of self-control disturbing."
Speaking of self control, how many times a day do you post here?
You don't need to be a three-star Michelin chef to criticize the food in a restaurant. And you've been serving under-seasoned shite for years.
" you might to write a Python script"
creimer-like grammar detected. Come on, Chris, if you're going to impersonate ACs, try to put some effort into it.
Do you want some spam-flavored macadamia nuts with your whine?
" you might to write a Python script"
creimer-like grammar detected. Come on, Chris, if you're going to impersonate ACs, try to put some effort into it.
You seriously need to stop assuming that every AC is creimer. This fixation is unhealthy.
The version before Avast bought it was version 5.32 on July 2017. Here we see version 5.33 with the Floxif malware after August 2017.
Coincidence? I think not.
That's funny, I counted 10 of your siblings in this video:
https://www.youtube.com/watch?...
Why does everybody now know they are your siblings? Easy proof:
https://school.discoveryeducat...
As other posters have mentioned, Photoshop does indeed have a spellchecker. But, hey, don't worry about it, I asked your siblings and they didn't know about it either:
https://www.youtube.com/watch?...
Here is some of what those other posters might have been thinking about:
https://school.discoveryeducat...
Don't change your default behavior either:
https://www.youtube.com/watch?...
https://school.discoveryeducat...
Information about pachyderms, Christopher Dale Reimer and autistic people:
Autistic people have obsessions about things normal people don't care about. For example, one of our autistic patients went haywire when he realized that there was a penny missing in his pocket change.
To calm him down, one of our educators pretended to have found it on the floor and gave a penny to him.
The autistic patient's condition got even worse because he realized it wasn't the same penny!
Chris has an obsession with budgeting every penny. He doesn't understand that most people do not budget to the penny and have a flexible amount they allow for miscellaneous items.
I am Nancy Guerrero and I am Director of Special Education for the Santa Clara County Office of Education. We use Chris' (a.k.a. creimer,cdreimer) picture in our document because he is the hardest case we have ever had to handle:
http://www.sccoe.org/depts/stu...
Our artists were inspired by the low carb diet that Christopher follows scrupulously for the small lunch box and by the picture linked below for the rest. I am sure that you will notice the similarities such as the bump on the side of his chest and more:
https://www.cdreimer.com/slash...
Please be easy on Christopher although, I am aware that some of our staff handling Chris post joke comments here and obviously, the Santa Clara County Office of Education disapproves of that behavior vehemently:
https://school.discoveryeducat...
But it isn't Chris' fault if he is the way he is. We do the best we can do with him and he is partially integrated into society. We try to cure his abnormal need for attention but he is kind of stubborn and won't listen to anybody.
Thank You dear users,
-Nancy Guerrero
Only ACs that display creimer's typical shibboleths. He's not clever enough to disguise himself properly.
Dear Mr. Reimer:
Section 5 of the Amazon.com Associates program Operating Agreement (excerpted below) clearly spells out the need for you to identify yourself as an Amazon Associate on your Site, or any other location where Amazon may authorize your display or other use of Content.
It has come to our attention that you have failed to comply with this requirement repeatedly in your activities on Slashdot.org, and in doing so, you are adversely impacting the brand image and intellectual property of Amazon.com. Please desist in all non-compliant use of Amazon Associate links, or we will be forced to take adverse action against your account.
Thank you,
John Smith
Customer Relations - Amazon Associates
Because a normal person wouldn't AC-respond to any comment buried 20 layers deep inside of a reimer spergfest to tell a rando that their behavior is "unhealthy"
I notice that some unpopular internet posters have the same reaction to their detractors that the general population has to them.
So reimer feels that it's normal to tell someone their internet behavior is "unhealthy" when you don't like what they're doing. But reimer's behavior is extremely unhealthy.. getting made fun of online is not good for one's mental health and making yourself into number one lolcow on the birthplace of the GNAA is extremely stupid.
Have you considered what would happen to you if someone like weev noticed you?
I mean I don't normally use Windows (Linux at home since the turn of the century) but when I do, I always installed this to clean the registry. I was never sure why Microsoft didn't just add a cleaner but hey!