PaulNM on 18 Sep 2017 15:10:56 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] o/t CCleaner


On 09/18/2017 11:10 AM, jeff wrote:
for those of you forced to use The Redmond Menace, CCleaner is a great cleaner. Provided you didn't download from 8/15 to 9/12, when there was malware included. Update ver 5.33 to 5.34 to fix.


Apparently only the 32 bit version was affected, so at least there's that. They've also managed to disable the external infrastructure the attackers were using.

Interesting, because Avast bought Piriform, which makes CCleaner. How did someone get that far into things to corrupt a program and via where?

I doubt anything changed within Piriform as a result of the buyout, they're most likely operating as a separate division or sub-company. That said, Avast Threat Labs was involved in investigating the situation.

I'm just as curious about how they got in as you are. The blog post makes it clear that the modification was in it's CRT. It sort of implies it happened prior to compilation, but I think it still could have been that the binary was modified afterwards.

-- PaulNM
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug