Welcome, Guest. Please login or register.

Login with username, password and session length

 
Advanced search

1092910 Posts in 72340 Topics- by 19432 Members - Latest Member: joshealejo
Jump to:  
The Trombone ForumHorns, Gear, and EquipmentTechnology(Moderator: john sandhagen) CCleaner Hacked With Data-Stealing Malware Injection
Pages: [1]   Go Down
Print
Author Topic: CCleaner Hacked With Data-Stealing Malware Injection  (Read 635 times)
0 Members and 1 Guest are viewing this topic.
robcat2075

*
Offline Offline

Location: Dallas, Texas
Joined: Apr 19, 2009
Posts: 6642

View Profile
« on: Sep 18, 2017, 08:26AM »

Multiple responsible outlets are reporting this

CCleaner Hacked With Data-Stealing Malware Injection

Quote
CCleaner, a system-optimization tool with more than 2 billion downloads worldwide, is used by many Windows, Mac and Android users who want looking to keep their devices running as fast as possible. Unfortunately for them, it appears that hackers decided to sneak their own code into a recent build of CCleaner for Windows in an attempt to steal data and possibly infect users' systems with even more malicious applications.


Quote
The attack took place by piggy-backing onto CCleaner by infiltrating the servers that distribute the software, infecting version 5.33 of the Windows utility and version 1.07 of its cloud-based sister application.

Quote
If you've updated CCleaner since Aug. 15 and you're running 32-bit Windows, you may be infected. You should roll back to a pre-Aug. 15 snapshot of your system, or run a malware scan. Following either (or both) of those steps, visit Piriform's site to download and install the latest, clean version of CCleaner.

Fortunately, I'm on 64 bit Windows, but many people are not even if they have a 64 bit computer.

I always wondered how they can be sure the anti-malware software doesn't have malware. Now I know they can't.

Logged

Robert Holmén

Hear me as I Play My Horn


Get your Popper, Dotzauer, or Kummer play-alongs!
tbathras
*
Offline Offline

Location: Southern Maine
Joined: Jul 15, 2013
Posts: 999

View Profile
« Reply #1 on: Sep 18, 2017, 08:30AM »

I never trust anything of the sort. Period.
Logged

"Remember, your trombone is not a weapon!" -Ben van Dijk
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 51530
"Almost Professional"


View Profile
« Reply #2 on: Sep 18, 2017, 08:56AM »

I haven't used that program in years.  I think it may be on a couple of my old Windows XP disks (none of which are in current use).  But I know I didn't download any versions for a few years.

Malware and Virus programs can be spotty at best.  I remember one time we got infected with a virus called "Junky".  Norton didn't find it, but McAfee did.  So I wound up scanning a few drives (including my company's servers) with McAfee and got rid of it before it spread too far.  We got the virus from a USB drive being used by one of our vendors.
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Merrimack Valley Philharmonic Orch. President 2017-2018
timothy42b
*
Offline Offline

Location: Colonial Heights, Virginia, US
Joined: Dec 7, 2000
Posts: 12460

View Profile
« Reply #3 on: Sep 18, 2017, 09:20AM »

Malwarebytes identifies Advanced Systemcare as a .pup virus. 

Owning a computer is starting to demand as much knowledge as it did in the 70s. 
Logged

Tim Richardson
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 51530
"Almost Professional"


View Profile
« Reply #4 on: Sep 18, 2017, 09:40AM »

Malwarebytes identifies Advanced Systemcare as a .pup virus. 

Owning a computer is starting to demand as much knowledge as it did in the 70s. 

This just piqued my interest.  I've been using ASC for at least 5 years and never seemed to have problems from it.  What about it is bad?
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Merrimack Valley Philharmonic Orch. President 2017-2018
robcat2075

*
Offline Offline

Location: Dallas, Texas
Joined: Apr 19, 2009
Posts: 6642

View Profile
« Reply #5 on: Sep 18, 2017, 10:18AM »

Malwarebytes identifies Advanced Systemcare as a .pup virus. 
 

I've noticed this too.   

"pup" just means "potentially unwanted program", not necessarily a virus.

Perhaps the fact that it also wants to install ASC software is what gets it that flag.

I've set Malwarebytes to ignore ASC.
Logged

Robert Holmén

Hear me as I Play My Horn


Get your Popper, Dotzauer, or Kummer play-alongs!
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 51530
"Almost Professional"


View Profile
« Reply #6 on: Sep 18, 2017, 11:29AM »

I use several members of the IOBit suite and I will confess every time it upgrades it opens an awful lot of pages in my browser.  Get a few of them coming up at once and you have a load of extra pages to clean up.

I even paid for the "professional" version for a year.  Didn't see it doing much more, so I let it lapse.
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Merrimack Valley Philharmonic Orch. President 2017-2018
M.R.Tenor

*
Offline Offline

Location: Northeast Ohio
Joined: May 21, 2011
Posts: 91

View Profile
« Reply #7 on: Sep 19, 2017, 06:04AM »

CCleaner only ever made anything I put it on run much worse, whether it was a phone, desktop, laptop, etc. Half of these programs are malware themselves, even if they do what they claim to. You can't get a virus anymore sure, but it's only because you can't even use your system with all the I/O lock up from your "protection". I wonder if it was really hackers, or if someone just found out how they were mining user data, and they need a cover up story.

You can't be sure that they aren't malware themselves. And you get what you pay for with software. They wouldn't have bothered making the program if it was truly free. It's not a simple undertaking.

McAfee and Norton are the two I still trust, and Norton has let a few things slip through that McAfee thought were problems, though I haven't had any noticeable problems with malware in the whole family since XP days. Don't go to weird sites and download free things that are supposed to cost money, and don't enable flash or Java by default.

Granted, these are just home systems. Anything with other people's information on them should be handled by well trained professional IT. I'd be running at least a private VPN with security and anti-malware at the router level if I was doing work from home.
Logged
Pages: [1]   Go Up
Print
Jump to: