Joe Rosato on 19 Sep 2017 19:33:05 -0700



Re: [PLUG] o/t CCleaner


Fun trivia - The name CCleaner was a rename of "Crap Cleaner" ;-)

On Mon, Sep 18, 2017 at 6:10 PM PaulNM <plug@paulscrap.com> wrote:
On 09/18/2017 11:10 AM, jeff wrote:
> for those of you forced to use The Redmond Menace, CCleaner is a great
> cleaner. Provided you didn't download from 8/15 to 9/12, when there was
> malware included. Update ver 5.33 to 5.34 to fix.
>

Apparently only the 32 bit version was affected, so at least there's
that. They've also managed to disable the external infrastructure the
attackers were using.

> Interesting, because Avast bought Piriform, which makes CCleaner. How
> did someone get that far into things to corrupt a program and via where?

I doubt anything changed within Piriform as a result of the buyout,
they're most likely operating as a separate division or sub-company.
That said, Avast Threat Labs was involved in investigating the situation.

I'm just as curious about how they got in as you are. The blog post
makes it clear that the modification was in its CRT. It sort of implies
it happened prior to compilation, but I think it still could have been
that the binary was modified afterwards.

-- PaulNM
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
--
Joe