Jacee

Piriform's CCleaner used to distribute malware


It removed the remnant/traces of the IObit\Advanced SystemCare folder.


So it seems that Revo removed all traces except the actual folder name (which is benign), and this Cleaner removed the actual folder name and confirmed that Revo did its job, at least as well as this latest cleaner. If I were designing this, I would have left the folder name as a forensic clue, as Revo did.

I don't buy the explanation that Piriform offered, that this was a sophisticated successful attack on their "company's hosted" latest revision of the cleaner. The infected update was left available on the company's web site for almost a month. Meanwhile the installed base was being driven to the company's site, to get infected by the "There is a new update available." built into the Piriform CCleaner Software. (Good reminder that anytime you select "Keep this software updated automatically", you are skating on thin ice and trusting that this exact thing will not happen again, with any vendor, and you are opening a door into your system, and trusting the "Whatever Company's security".)

I note that Jacee suggested removal of the Cleaner after using it... (Good Advice) I think I will not just uninstall it, but remove all traces with Revo, and then watch for Security News on Revo. I don't like trusting even Revo, or the hosts that Revo uses to host their latest revision, so maybe we need serial forced removals by multiple removal vendors, with the most trusted and least recently hacked removal vendor used as the last.

 


I'll bet it turns out that most of these hacks are inside jobs, or the result of an insider (or former insider) that hangs and socializes with a less-than-reputable crowd. An insider knows where the weak points are in any system. With that kind of knowledge, it doesn't take much sophistication to hack into anything, including the Pentagon.

Most people thought John Podesta to be too sophisticated to be duped as he was, or to use "password" as his password, unless that is FakeNews.

Edited by JohnDotCom
Clarity...


John, Juliet is right. "It removed the remnant/traces of the IObit\Advanced SystemCare folder." PS.........

"With that kind of knowledge, it doesn't take much sophistication, to hack in to anything, including the Pentagon"

Yep. It's been on TV, within the last couple of days.
