CCleaner Community Forums

Stephen CCleaner

Everything posted by Stephen CCleaner

  1. hazelnut is correct. We use Fastly for a number of things, including web caching.
  2. Hi everyone, Our developers are looking into this issue. Thanks.
  3. Hi WNT I'll try to clear this up. Nyetya is a type of malware completely unrelated to the malware seen in CCleaner v5.33.6162. Nyetya was discovered in late June 2017 by the Talos research team (Cisco) and was delivered via Ukrainian accounting software called M.E.Doc. In their first blogpost on the CCleaner malware investigation, Talos reference Nyetya as an example of "how potent [a supply chain attack] can be". Separately, on the day the security vulnerability was disclosed, Malwarebytes initially detected v5.33.6162 of ccleaner.exe as 'Trojan.Nyetya'. The malware that was injec
  4. Thanks, that's useful info. I'm not directly involved with the website but will pass it on.
  5. Hi everyone, I noticed this when linking to the FAQs and we fixed this yesterday. The information at https://piriform.zendesk.com/hc/en-us/articles/115001699371 is correct.
  6. As has been mentioned, all reputable antivirus solutions have been updated to detect CCleaner v5.33 as containing malicious code. This includes the v5.33 installer file that may still have been present on your system from the initial download.
  7. Hashes and other FAQs: https://piriform.zendesk.com/hc/en-us/articles/115001699371 Indicators of Compromise (IOCs) are in the latest Avast blogpost: https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident
  8. Some antivirus software have been updated to remove these keys, so this is not necessarily true. However, if your antivirus solution has not flagged these keys to you before removing, then it suggests no communication from your system was made to the command and control server.
  9. Hi again everyone, Avast have published some more information from the investigation. I'll share more information when I'm able. Avast blog: Investigation Progress Update #3 by Avast Threat Labs team (Monday, 25 September 2017) This third progress update confirms how many and which companies were specifically targeted by the attack and presents a hypothesis on the origin of the perpetrator(s). The blogpost also contains a full list of IOCs (Indicators of Compromise - in this case a list of files whose existence shows that a system has at one time been compromised by this attack). https://b
  10. Hello everyone, As some of you have noted, a new update has been posted on the Avast blog. I have added this to the list of official information on the first page. Avast blog: Investigation Progress Update #2 by Avast Threat Labs team (Thursday, 21 September 2017) This second progress update explains why only part of the command & control server logs were recovered and provides yet deeper technical understanding of the way the malicious code was put together. It also shares some clues as to the identity of the perpetrators. https://blog.avast.com/avast-threat-labs-analysis
  11. Hi upset Please can you post a screenshot of the issue using the Windows 'Snipping' tool? Thanks
  12. Hello everyone, Yesterday I updated the first post in this thread to give a better overview of events to any new reader, and as a handy reference for anyone wishing to fact-check. This morning another official announcement has been made from the team investigating the attack. Importantly, it reveals that the second-stage payload was delivered to select IP addresses and seems to be targeted at select large technology and telecommunication companies in Japan, Taiwan, UK, Germany and the US. I would encourage you to read this blog and I have added it to the threadstarter. Avast blo
  13. Hi golftango Please accept our deepest apologies for this. I would like to draw your attention to our Security Notification on this, here: https://forum.piriform.com/index.php?showtopic=48869 You can update immediately to the latest version of CCleaner Free via this link: https://www.piriform.com/ccleaner/download/standard
  14. Hi Andavari, Have you read this: https://blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident ? In that blogpost there is a quote from the CTO of Avast that says: Further to this, and touching on some of the requests in this thread, a new version (5.35.6210) has been released on the Piriform website signed with new certificates: http://www.piriform.com/news/release-announcements/2017/9/20/ccleaner-v535 Lastly, I'd like to apologise for the communication thus far. Things have been moving very quickly and our focus has been on getting out security updates.