Windows 7 Forums


Windows 7: Hackers spread hidden malware to 2.7 million people through CCleaner

18 Sep 2017   #1
BrightBlessings

Win7 Pro-64 Bit
 
 
Hackers spread hidden malware to 2.7 million people through CCleaner

Quote:
An app used by millions to optimise computer performance has been hit by a malware attack.
CCleaner is an application that helps computer-owners keep their devices optimised, by cleaning cookies, internet history and other temporary files.
http://www.alphr.com/security/100707...eaner-software


19 Sep 2017   #2
Brds7t7

Windows 7 Pro & Ultimate (64-Bit) Retail, Windows 8.1 Pro (64-Bit) Retail
 
 

Nice update from Avast here:
Update to the CCleaner 5.33.6162 Security Incident

I've already read some OTT articles (before the facts were even out) telling people to wipe their systems.
19 Sep 2017   #3
Alejandro85

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Brds7t7
I've already read some OTT articles (before the facts were even out) telling people to wipe their systems.
It's not bad advice at all. In fact it's the only reliable way to clean an infected system. It's just a bit "interesting" how they knew about it before the news spreads.

19 Sep 2017   #4
MeOnMine

Windows 7 Ultimate x64 SP1 OEM
 
 

Hi, it is to my understanding that it will only infect x86 machines.
I did a full scan on my x64 machine and found nothing.
I scanned the installer file and bam there it was.
19 Sep 2017   #5
mjf

Windows 7x64 Home Premium SP1
 
 

I'd be curious to know if the portable version had the same malware problem.
19 Sep 2017   #6
Brds7t7

Windows 7 Pro & Ultimate (64-Bit) Retail, Windows 8.1 Pro (64-Bit) Retail
 
 

Quote: Originally Posted by Alejandro85
It's not bad advice at all. In fact it's the only reliable way to clean an infected system. It's just a bit "interesting" how they knew about it before the news spreads.
I agree it's a good idea - if it's a bad infection and you have no other choice. But wiping your system should always be a last resort. This infection doesn't seem to have done any damage, despite possibly infecting a large number of systems.

The only thing that annoys me is how these articles handle the situation before even knowing the full facts. Too ill-informed and excessive for my taste!
20 Sep 2017   #7
TechnoMage2016

Windows 7 Ultimate, SP1, x86
 
 

When any program gets that much bad press, why F' with it.....just delete it and move on.

CCleaner totally destroyed my PC twice and that's good enough for me, to ban it for life.
Now it's been hacked. What company is so lame as to let their #1 program get hacked?
So I just call it another POS and be done with it.

I use WinUtils and it's never been hacked and it has never trashed my PC, or the hundreds of other PCs that I've used it on.

Why even mess around with a second rate program, when there are Really Good ones out there that work perfectly, every time.

Jus sayin'

TechnoMage
21 Sep 2017   #8
Brds7t7

Windows 7 Pro & Ultimate (64-Bit) Retail, Windows 8.1 Pro (64-Bit) Retail
 
 

Here's another update and more info from the Avast blog:

Progress on CCleaner Investigation
21 Sep 2017   #9
Alejandro85

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Brds7t7
I agree it's a good idea - if it's a bad infection and you have no other choice. But wiping your system should always be a last resort.
When it comes to security, when an infection/attack/hack is detected wiping the whole system isn't the "last resort", it's the very first suggestion you'll get from any security expert.

The problem we face is that we never know what the virus really does. It can simply show an innocent popup and nothing more, but also can call external servers, download further malware, infect system files, change, delete or steal any data in the computer, literally anything. And since you don't know what it does, you cannot know the exact things you need to do to fully clean it.
If you want to ensure that your system is clean again, you need something that hasn't been in contact with the virus. A full wipe followed by a clean install gives that confidence you can't get any other way.


Quote: Originally Posted by Brds7t7
This infection doesn't seem to have done any damage, despite possibly infecting a large number of systems.
It doesn't really matter. A "properly" made virus will do everything it can to avoid being detected. No apparent change doesn't necessarily mean that your system is clean, the computer does much more under the hood than it displays and so can malware, don't fall in the trap of believing you're safe because you can't see anything strange. The normal security advice remains "if the system is compromised, nuke it from orbit".
22 Sep 2017   #10
Brds7t7

Windows 7 Pro & Ultimate (64-Bit) Retail, Windows 8.1 Pro (64-Bit) Retail
 
 

I'm not about to go searching for malicious code from every single piece of software I've ever downloaded for 3 reasons:

1) I'm not that skilled.

2) I'm not that patient.

3) I'm not that paranoid.

I've been saying for a few years that I wouldn't be surprised if there already IS some software on my systems which has some undetected backdoor I didn't know about.
I use several layers of protection, but that doesn't make me immune to everything. I'm sure there are plenty of undetected exploits that exist, but I'm not about to go wiping my PCs on a whim or through unfounded paranoia. If these "talented" hackers really are that determined to get into systems, they'll find a way somehow. They're often not detected until it's too late and the damage is already done. Although, they wouldn't find much of interest on my PCs as I don't keep anything personal or highly sensitive on them.

This isn't the first time malicious code has been slipped into a legit piece of software, and it certainly won't be the last time.
After reading the blogs and info from Cisco, it appears these were sophisticated attacks, mostly targeting tech firms. We're talking the "type" of attacks that were at the state sponsored level (I'm not saying they were, I'm just quoting). If I were to wipe my device on the advice of the many ill-informed articles (I'm not talking about security experts here, I'm talking about some casual tech writers who I've often seen giving poor advice), then I'd be wiping my systems once a week.

The point of my original post was not meant to be about how relevant/irrelevant viruses are - it was about some of the articles jumping the gun before the facts were even out. I see a lot of it lately.
If it had come from security experts, then I would be inclined to agree with it. But, I was specifically talking about some of the sites who seem to enjoy clickbait scare-mongering. I'm not about to start wiping my systems on the advice of some 3rd rate tech writer (no offence to the decent tech writers out there). There's a big difference between those and a security expert.

There's enough fear, paranoia and scare-mongering in the world these days as it is. Most of it comes from BS articles and media. It actually puts me off a lot of the internet lately, to the point where I'm using a lot of sites much less these days. In recent years, just some of the headlines are enough to make me shake my head in annoyance.
And those particular click-bait articles don't help matters! To them they see the word Virus and it's panic stations... All hands on deck... Tell the world to wipe wipe wipe format format format! The apocalypse is upon us!

Okay that last part may be a slight exaggeration but you get my point!

If I see a post from some legit security experts telling me I'd better wipe or restore an old image - then I'll restore an old image before I go to the nuke it option.
So far, all I've seen from security experts is some info that the 2nd stage payload affected a small number of organisations, they are advising those organisations be on the safe side and re-image from backups. The advice for home users is to upgrade to the latest version of CCleaner with new signed certificates.

Until I see more concrete facts, I'm not about to go wiping all my systems, even though I did briefly have v5.33 installed on some of them. It would take me weeks to get all my systems back up and running. Actually, more like months as I plan to have a social life too!