Windows 7: Hackers spread hidden malware to 2.7 million people through CCleaner

http://www.alphr.com/security/100707...eaner-software

Nice update from Avast here:
Update to the CCleaner 5.33.6162Â*Security Incident

I've already read some OTT articles (before the facts were even out) telling people to wipe their systems.

It's not bad advise at all. In fact it's the only reliable way to clean an infected system. It's just a bit "interesting" how they knew about it before the news spreads.

Hi, it is to my understanding that it will only infect x86 machines.
I did a full scan on my x64 machine and found nothing.
I scanned the installer file and bam there it was.

I'd be curious to know if the portable version had the same malware problem.

I agree it's a good idea - if it's a bad infection and you have no other choice. But wiping your system should always be a last resort. This infection doesn't seem to have done any damage, despite possibly infecting a large number of systems.

The only thing that annoys me is how these articles handle the situation before even knowing the full facts. Too ill-informed and excessive for my taste!

When any program gets that much bad press, why F' with it.....just delete it and move on.

CCleaner totally destroyed my PC twice and that's good enough for me, to ban it for life.
Now it's been hacked. What company is so lame as to let their #1 program get hacked?
So I just call it another POS and be done with it.

I use WinUtils and it's never been hacked and it has never trashed my PC, or the hundreds of other PC's that I've used it on.

Why even mess around with a second rate program, when there are Really Good ones out there that work perfectly, every time.

Jus sayin'

TechnoMage

Here's another update and more info from the Avast blog:

Progress on CCleaner Investigation

When it comes to security, when an infection/attack/hack is detected wiping the whole system isn't the "last resort", it's the very first suggestion you'll get from any security expert.

The problem we face is that we never know what the virus really does. It can simply show an innocent popup and nothing more, but also can call external servers, download further malware, infect system files, change, delete or steal any data in the computer, literally anything. And since you don't know what does it do, you cannot know the exact things you need to do to fully clean it.
If you want to ensure that your system is clean again, you need something that hasn't been in contact with the virus. A full wipe followed by a clean install gives that confidence you can't get any other way.


It doesn't really matters. A "properly" made virus will do everything it can to avoid being detected. No apparent change doesn't necesarily means that your system is clean, the computer does much more under the hood than it displays and so can malware, don't fall in the trap of believing you're safe because you can't see anything strange. The normal security advise remains "if the system is compromised, nuke it from orbit".

I'm not about to go searching for malicious code from every single piece of software I've ever downloaded for 3 reasons:

1) I'm not that skilled.

2) I'm not that patient.

3) I'm not that paranoid.

I've been saying for a few years that I wouldn't be surprised if there already IS some software on my systems which has some undetected backdoor I didn't know about.
I use several layers of protection, but that doesn't make me immune to everything. I'm sure there are plenty of undetected exploits that exist, but I'm not about to go wiping my PCs on a whim or through unfounded paranoia. If these "talented" hackers really are that determined to get into systems, they'll find a way somehow. They're often not detected until it's too late and the damage is already done. Although, they wouldn't find much of interest on my PCs as I don't keep anything personal or highly sensitive on them.

This isn't the first time malicious code has been slipped into a legit piece of software, and it certainly won't be the last time.
After reading the blogs and info from Cisco, it appears these were sophisticated attacks, mostly targeting tech firms. We're talking the "type" of attacks that were at the state sponsored level (I'm not saying they were, I'm just quoting). If I were to wipe my device on the advice of the many ill-informed articles (I'm not talking about security experts here, I'm talking about some casual tech writers who I've often seen giving poor advice), then I'd be wiping my systems once a week.

The point of my original post was not meant to be about how relevant/irrelevant viruses are - it was about some of the articles jumping the gun before the facts were even out. I see a lot of it lately.
If it had come from security experts, then I would be inclined to agree with it. But, I was specifically talking about some of the sites who seem to enjoy clickbait scare-mongering. I'm not about to start wiping my systems on the advice of some 3rd rate tech writer (no offence to the decent tech writers out there). There's a big difference between those and a security expert.

There's enough fear, paranoia and scare-mongering in the world these days as it is. Most of it comes from BS articles and media. It actually puts me off a lot of the internet lately, to the point where I'm using a lot of sites much less these days. In recent years, just some of the headlines are enough to make me shake my head in annoyance.
And those particular click-bait articles don't help matters! To them they see the word Virus and it's panic stations... All hands on deck... Tell the world to wipe wipe wipe format format format! The apocalypse is upon us!

Okay that last part may be a slight exaggeration but you get my point!

If I see a post from some legit security experts telling me I'd better wipe or restore an old image - then I'll restore an old image before I go to the nuke it option.
So far, all I've seen from security experts is some info that the 2nd stage payload affected a small number of organisations, they are advising those organisations be on the safe side and re-image from backups. The advice for home users is to upgrade to the latest version of CCleaner with new signed certificates.

Until I see more concrete facts, I'm not about to go wiping all my systems, even though I did briefly have v5.33 installed on some of them. It would take me weeks to get all my systems back up and running. Actually, more like months as I plan to have a social life too!