Posted on 09/18/2017 5:25:00 AM PDT by dayglored
Hackers broke into British company Piriform's free software for optimizing computer performance last month, potentially allowing them to control the devices of more than two million users, the company and independent researchers said on Monday.
The malicious program was slipped into legitimate software called CCleaner, which is downloaded for personal computers and Android phones as often as five million times a week. It cleans up junk programs and advertising cookies to speed up devices.
CCleaner is the main product made by London's Piriform, which was bought in July by Prague-based Avast, one of the world's largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner.
A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco's (CSCO.O) Talos unit said.
[... more at the link including instructions for updating...]
(Excerpt) Read more at reuters.com ...
Thanks for the heads-up
Thanks.
From the article-
“In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.
Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. 15, it said.”
If we haven’t ‘updated’ in months is the program safe?
The original developer, Piriform, was bought by Avast in July. The compromise dropped a month later. Looks like the work of a disgruntled former employee. Good reaction by Avast but this doesn't inspire confidence in the product. Anyone familiar with any alternative products?
How did they put code into the company’s software?
I have v5.31.6105 version- should I update?
I have used CCleaner on all of my PCs for years. Now I need to check all of them to make sure I am not running the infected version.
Sometimes I really miss MS-DOS.
According to the article, only v5.33.6162 was infected.
From the article:
My computer was hacked about 2 or 3 weeks ago and they also got into my other 2. ccleaner kept popping up in the lower right corner of the desktop.. I don’t know if I ever put it on my computer.. they were on my computer moving my mouse and I pulled the plug. I just got one fixed and they added the free ccleaner and avast. Can’t a technician know if they are clean?
I thought they got in with team viewer, but the ccleaner that suddenly became obvious .. along with all the other stuff they messed with, is enough to go cold turkey on computering.
Anyway, I uninstalled and downloaded the new version.
Thanks again.
It's been 6 months or so but I’m not using that one any more.
I never download “free” software, unless I specifically go looking for it for a specific reason.
I refuse all unsolicited offers, no matter how “well intentioned”.
#8, inside job?
I buy a license for System Mechanic, it’s reasonably priced.
It’s generally free for a reason. Usually not a good one.