Warning: 32-bit version of CCleaner 5.33 compromised
-
- Administrator
- Posts: 78574
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Warning: 32-bit version of CCleaner 5.33 compromised
(Also posted in Other Applications)
Piriform has released a bulletin acknowledging that the versions of CCleaner v5.33.6162 (released on the 15th of August, 2017) and CCleaner Cloud v1.07.3191 (released on the 24th of August, 2017) for 32-bit Windows contained a backdoor that could be used to send some information from your computer to a server in the USA.
The versions for 64-bit Windows and other Piriform products were not affected.
If you still have one of the above versions, you are urgently recommended to install the versions released in September.
See Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
Piriform has released a bulletin acknowledging that the versions of CCleaner v5.33.6162 (released on the 15th of August, 2017) and CCleaner Cloud v1.07.3191 (released on the 24th of August, 2017) for 32-bit Windows contained a backdoor that could be used to send some information from your computer to a server in the USA.
The versions for 64-bit Windows and other Piriform products were not affected.
If you still have one of the above versions, you are urgently recommended to install the versions released in September.
See Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
Best wishes,
Hans
Hans
-
- Administrator
- Posts: 12618
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Warning: 32-bit version of CCleaner 5.33 compromised
It looks like the default installation on 64 bit Windows is the unaffected 64 bit version, so for most of us this should just be a reminder to be vigilant
StuartR
-
- Administrator
- Posts: 78574
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Warning: 32-bit version of CCleaner 5.33 compromised
Yes, indeed. The 64-bit version is installed by default on 64-bit Windows. But it's a frightening idea that it's possible to introduce malware into popular software from a major security company (Piriform has been owned by Avast since July of this year)...
Best wishes,
Hans
Hans
-
- Panoramic Lounger
- Posts: 8185
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: Warning: 32-bit version of CCleaner 5.33 compromised
Sometimes it pays to be not only a dinosaur but a slow dinosaur. I'm still on 32 bit Ccleaner v5.32, i.e. I've missed out on v5.33.
Ken
Ken
-
- GoldLounger
- Posts: 3081
- Joined: 24 Jan 2010, 19:07
Re: Warning: 32-bit version of CCleaner 5.33 compromised
Hehe, then I'm a fossil in Jurassic Park; I'm on v. 5.30 (and 64-bit).
I think most of the updates recently has been about Win 10, Edge etc. Kids stuff.
Great start for Avast.
I think most of the updates recently has been about Win 10, Edge etc. Kids stuff.
Great start for Avast.
Byelingual When you speak two languages but start losing vocabulary in both of them.
-
- Microsoft MVP
- Posts: 1320
- Joined: 24 May 2013, 15:33
- Location: Warminster, PA
Re: Warning: 32-bit version of CCleaner 5.33 compromised
I've looked at the blog posts from Morphisec and Cisco Talos, which both reported the malware to Avast. It's pretty clear that it was an "inside job" by someone who had access to Piriform's build server. According to Morphisec,
I'll be interested to hear the details of the investigation if and when the perpetrator is identified.First, we identified that the TLS initialization of callback functions was probably altered by a modification of the visual studio runtime file... Such modifications can be done by someone with access to the machine that compiles the code.
-
- Administrator
- Posts: 78574
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
-
- Panoramic Lounger
- Posts: 8185
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: Warning: 32-bit version of CCleaner 5.33 compromised
That sounds like a conspiracy theory has got hold of you, have you checked your tin foil hat recently?HansV wrote:A disgruntled employee?
Ken
-
- Administrator
- Posts: 78574
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Warning: 32-bit version of CCleaner 5.33 compromised
A hack by the foreign government of your choice would have been a real conspiracy theory!
Best wishes,
Hans
Hans
-
- Panoramic Lounger
- Posts: 8185
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: Warning: 32-bit version of CCleaner 5.33 compromised
Now you're talking!HansV wrote:A hack by the foreign government of your choice...
Ken
-
- Administrator
- Posts: 78574
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Warning: 32-bit version of CCleaner 5.33 compromised
You do not have the required permissions to view the files attached to this post.
Best wishes,
Hans
Hans
-
- Administrator
- Posts: 12618
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
-
- Panoramic Lounger
- Posts: 8185
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: Warning: 32-bit version of CCleaner 5.33 compromised
Perhaps he's painting his ceiling? Or perhaps he's on his way to your house, to paint your ceiling? I'm reliably informed you have several in need of a coat of paintStuartR wrote:Why is that man wearing my hat?
Ken
-
- Administrator
- Posts: 78574
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Warning: 32-bit version of CCleaner 5.33 compromised
He's a bit weird...StuartR wrote:Why is that man wearing my hat?
Best wishes,
Hans
Hans
-
- Administrator
- Posts: 7215
- Joined: 15 Jan 2010, 22:52
- Location: Middle of England
Re: Warning: 32-bit version of CCleaner 5.33 compromised
He obviously read your mind and copied the (faulty) design.StuartR wrote:Why is that man wearing my hat?
Leif
-
- Administrator
- Posts: 12618
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Warning: 32-bit version of CCleaner 5.33 compromised
He can't possibly have read my mind Leif, you know full well that tin foil hats provide complete protection against both mind control AND mind reading
StuartR
-
- Administrator
- Posts: 12618
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Warning: 32-bit version of CCleaner 5.33 compromised
I finished painting my ceiling now Ken, that's why my tin foil hat is a bit paint spattered.stuck wrote: Perhaps he's painting his ceiling? Or perhaps he's on his way to your house, to paint your ceiling? I'm reliably informed you have several in need of a coat of paint
StuartR
-
- Panoramic Lounger
- Posts: 8185
- Joined: 25 Jan 2010, 09:09
- Location: retirement
Re: Warning: 32-bit version of CCleaner 5.33 compromised
Feel free to pop up north this weekend and help me with paint some walls.StuartR wrote:...I finished painting my ceiling now...
Ken
-
- Lounger
- Posts: 42
- Joined: 21 Mar 2015, 15:43
Re: Warning: 32-bit version of CCleaner 5.33 compromised
Recent developments are really scary:
https://arstechnica.com/information-tec ... -appeared/
"Now that it's known the CCleaner backdoor actively installed a payload that went undetected for more than a month, Williams renewed his advice that people who installed the 32-bit version of CCleaner 5.33.6162 or CCleaner Cloud 1.07.3191 reformat their hard drives. He said simply removing the stage-one infection is insufficient given the proof now available that the second stage can survive and remain stealthy."
https://arstechnica.com/information-tec ... -appeared/
"Now that it's known the CCleaner backdoor actively installed a payload that went undetected for more than a month, Williams renewed his advice that people who installed the 32-bit version of CCleaner 5.33.6162 or CCleaner Cloud 1.07.3191 reformat their hard drives. He said simply removing the stage-one infection is insufficient given the proof now available that the second stage can survive and remain stealthy."
Rick Groszkiewicz
Life is too short to drink bad wine (or bad coffee!)
Life is too short to drink bad wine (or bad coffee!)
-
- Administrator
- Posts: 78574
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Warning: 32-bit version of CCleaner 5.33 compromised
It is worrying, but there are two mitigating factors:
1) Only computers with 32-bit Windows were infected. A very large majority of users will have 64-bit Windows, since that has been the default for the last 10 years or more.
2) The second-stage infection was only activated on computers within a small number of corporate domains (see the list shown in the article).
The number of computers that meet both criteria is likely to be small. But those should indeed be reformatted.
1) Only computers with 32-bit Windows were infected. A very large majority of users will have 64-bit Windows, since that has been the default for the last 10 years or more.
2) The second-stage infection was only activated on computers within a small number of corporate domains (see the list shown in the article).
The number of computers that meet both criteria is likely to be small. But those should indeed be reformatted.
Best wishes,
Hans
Hans