Linked by Thom Holwerda on Tue 19th Sep 2017 09:58 UTC
Privacy, Security, Encryption

Talos recently observed a case where the download servers used by software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.

Don't use registry cleaners. They serve no purpose.

Thread beginning with comment 648999
To read all comments associated with this story, please click here.
CCleaner is great
by evert on Tue 19th Sep 2017 14:08 UTC
evert
Member since:
2005-07-06

CCleaner has often served me in the past. Whether or not Windows is broken because such tools are needed (and yes that is a shame) is irrelevant for the statement "CCleaner is a great tool".

CCleaner is not just a registry cleanup tool. It also helps cleaning the computer from temporary files, programs, cached stuff and so on. I like the all-in-one interface for such tasks.

Further, I agree with others (above) that registry cleanup can be very useful. E.g. broken file associations and broken explorer.exe extensions can be fixed.

That it got infected with malware is very, very disappointing because the mother company is Avast. I hope they do follow up on this.

I use Linux a lot, on the server, and increasingly on the desktop as well. Still Windows and many applications (games, Outlook) have their use.

Reply Score: 6

RE: CCleaner is great
by Sidux on Tue 19th Sep 2017 15:19 in reply to "CCleaner is great"
Sidux Member since:
2015-03-10

Well .. there are developers that hate it.
That's part of the reason Google no longer allows on Android for other applications to access / manage the cache of existing ones.
Also Apple and Microsoft offered built in options for keeping the system "clean" or at least move the unnecessary data somewhere else..
By design it shouldn't exist if everything is built by the book. Problem is, it never is.

Edited 2017-09-19 15:19 UTC

Reply Parent Score: 4

RE: CCleaner is great
by Bill Shooter of Bul on Tue 19th Sep 2017 16:58 in reply to "CCleaner is great"
Bill Shooter of Bul Member since:
2006-07-14

No, it isn't great. Its a terrible sign that the registry was a terrible idea. Microsoft should provide a tool. Trusting small third parties is a really bad idea.

If you need it, either your system had a very bad day, or a very bad user who installed bad programs on it. In either case the proper solution is not CC cleaner, but a full system wipe and restore.

Reply Parent Score: 3

RE[2]: CCleaner is great
by kurkosdr on Tue 19th Sep 2017 18:33 in reply to "RE: CCleaner is great"
kurkosdr Member since:
2011-04-11

Any OS that need crappy tools like ccleaner to (attempt to) run properly... is fundamentally broken


No, it isn't great. Its a terrible sign that the registry was a terrible idea.


Yeah, because the Unix Way(tm) of spraying six letter text files all over the harddrive (some of them ending with a d) is such a better idea.

There is nothing magical about the registry folks, it's a place where apps can store data. Instead of having plain text spread all over the harddrive, you get a standard location, and you can have types (of course most unix people don't get types in stored data, that's why they want everything to be stored as a string and hate the concept of the registry)

Whether some apps bork their own stored data or don't clean them after install is not the OS's problem.

Any OS that needs "antivirus" software to become a "normal" setup .. is fundamentally broken.

Aka, any OS that allows root access (ClamAV, anyone?). Desktop Linux has the same "security advantage" Mac OS X had before the mid-2000s, aka it isn't profitable enough for malware crime rings to target. In fact, with security being lax all around Desktop Linux (for example, third-party .deb or .rpm packages are often not signed, install.sh scripts are never signed but often require root access and the Ubuntu updater has to be manually triggered by the user instead of being automatic) I wouldn't be surprised if Desktop Linux has it's own Flashback moment if it ever becomes profitable to do so for malware crime rings.

Edited 2017-09-19 18:37 UTC

Reply Parent Score: 4

RE: CCleaner is great
by Seeprime on Wed 20th Sep 2017 06:07 in reply to "CCleaner is great"
Seeprime Member since:
2014-05-02

I agree that ccleaner has its uses. A good one is to delete temp files that contain malware that runs on startup. It works as intended. The issue with 5.33 was only on 32-bit Windows.

Reply Parent Score: 1