Quote:
Originally Posted by Brando
Can anyone confirm v 5.34 is clean?
|
From the link originally provided:
Quote:
|
In reviewing the Version History page on the CCleaner download site, it appears that the affected version (5.33) was released on August 15, 2017. On September 12, 2017 version 5.34 was released. The version containing the malicious payload (5.33) was being distributed between these dates. This version was signed using a valid certificate that was issued to Piriform Ltd by Symantec and is valid through 10/10/2018. Piriform was the company that Avast recently acquired and was the original company who developed the CCleaner software application.
|
I'm seeing the 32-bit version mentioned, not seeing the 64 - yet.
Still reading the article, looking for indication that corrected versions fix the previous flaws.
Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk
Quote:
|
It is also important to note that while previous versions of the CCleaner installer are currently still available on the download server, the version containing the malicious payloads has been removed and is no longer available.
|
EDIT:
So I'm looking at my "Downloads" folder and looking right at "ccsetup-5.33" on the (17th?) and the screen refreshes on me, and it vanishes.
Windows Defender then says malicious malware has been removed.
I look in Defender's history, and "Backdoor:Win32/Floxif" has been removed and/or quarantined.
Quote:
|
If even a small fraction of those systems were compromised an attacker could use them for any number of malicious purposes. Affected systems need to be restored to a state before August 15, 2017 or reinstalled. Users should also update to the latest available version of CCleaner to avoid infection. At the time of this writing that is version 5.34. It is important to note that according to the CCleaner download page, the free version of CCleaner does not provide automated updates, so this might be a manual process for affected users.
|
Monday, September 18, 2017
Quote:
|
It is also worth noting that at the time of this post, antivirus detection for this threat remains very low (The detections are at 1/64 at the time of this writing).
|
Quote:
|
As part of our response to this threat, Cisco Talos has released comprehensive coverage to protect customers. Details related to this coverage can be found in the "Coverage" section of this post.
|
Are they trying to sell something here?