Linked by Thom Holwerda on Tue 19th Sep 2017 09:58 UTC
Privacy, Security, Encryption

Talos recently observed a case where the download servers used by a software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size, we decided to move quickly. On September 13, 2017, Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.

Don't use registry cleaners. They serve no purpose.

Bill Shooter of Bul Member since:
2006-07-14

I have been in this business for a long time

What business is that? The computer-using business? The sketchy utility business?


I then turned to CCleaner as I had a lot of bloat on my system anyways and sure enough the problem was gone after one CCleaner run.


Uhmm, what kinda "bloat", the kind you know you never should have used in the first place? You know what happens when you start trusting shady 3rd-party fixing programs? You get malware. So you either fix the problem the right way (TM) or you get malware.

Reply Parent Score: 3

rcaudill Member since:
2011-09-01

I love trolls like you. You come to attack someone. So let me tell you about myself, you minuscule little man. I have designed full fledged applications by myself for multiple organisations (including gov't orgs to help children) and have also been a lead developer for Syllable once. So when you attack someone you should really do your research.

And, when your company asks you to install software for business purposes (like Office or say a PDF reader, or different software to test validity of certs, or Wireshark, or Bash for Windows so you can use Windows while in a meeting where you must present MYSQL queries/bash commands to prove the validity of your programs, and your presentation software does not work well with your remote desktop, nor do you have time to set up something better because you are too busy designing real software) and then you no longer need it, you get rid of it! Because if you don't, your company-issued computer is slow and does not work as efficiently as you need it to while you are compiling/interpreting QT4.8/QT5/NodeJS/PERL applications.

Reply Parent Score: 2

bassbeast Member since:
2007-11-11

You DO know you sound like someone who sells shoes saying they are qualified to do foot surgery? Because if you are using registry cleaners to "fix muh box" you are frankly as bad an end user as those grandmas that click on everything whose PCs I have to fix!

If you were an actual educated computer end user? Then you would know 1.- Don't install crap on your PC, 2.- If for ANY reason you have to install crap on your PC, you use an install trace program like Revo to make a log of every change to your system so that on uninstall ALL of the changes are reversed, and 3.- You should have multiple disk images both on and offline so if any serious issue happened you could restore your PC in under 30 minutes with a single click.

I'm sorry, but registry cleaners can seriously screw a PC up; most do not understand symlinks, for just one example, and if you had actually been a competent end user, frankly, a registry cleaner would never have been needed, because you wouldn't have had programs crap all over your PC in the first place. See rules 1-3.

Reply Parent Score: 3