CCleaner 5.33 carried malware inside - Has F-Secure some suggestions to fight against
Yesterday I read from IT news that , CCleaner v.5.33 has been carrying some malware.
I have trusted that cleaning program to be safe, and used it for years in all computers of my family. Naturally I had just upgraded CCleaner to all those laptops and workstations during a couple weeks when the infected CC-version was offered. Most of those machines are used in net payments and other bank operations needing proper safety.
My machines are running F-Secure SAFE, but it has not informed anything fromCCleaner?
No I upgraded CCleaner to v.5.34, which should be clean according to Piriform, and which should clean the bad code while upgrading. Howeve, When I ran Malwarebytes analysis, it discovered:
Trojan.Netya
Which I could quarantine and delete with Malwarebytes.
Today Piriform vp informs in web that there is no reason to worry. But...
Has F-Secure any suggestions to fight against this attack?
Comments
-
-
Hello,
From this situation -> I just found that Pirifiorm acquired by Avast.
And if such situation did not happened -> probably it will be still unknown for me.
But not clear based on official statements: does F-Secure only detect installer (!?) executable with payload... or certain 'result' under system too (if it possible to detect)? Thanks.
-
@hakasa wrote:I wonder why F-Secure did not prevent me to download, install and run CCleaner 5.33 Setup executable? Nor informed me of also loaded malware, nor quarantined it?
Especially, if F-Secure could detect it?
Hello,
Sorry for my reply. I'm also only F-Secure user (their Home Solutions) and CCleaner user (with some systems); So -> only as my own unofficial suggestions/feelings/feedback about your ask:
Spoiler--> Firstly, trouble not fully about 5.33 - but about certain build also (5.33.6162);
While official article from Piriform with strange wording (?! when troublebuild start be available for downloading) -> maybe you hit certain good build (before/after);
AND also claimed that only 32-bit installers (but I do not understand it.. such as -> I not sure if Piriform do provide certain installers as 32bit/64bit; and installed CCleaner under 64bit system with both of executables);
--> Secondly, it was unknown for most of security software/companies about certain 'compromissed' installers. And when it start be known -> after some hours/days -> executables is detected;
Not prevented to download -> because website/server/domain/URL for downloading -> is not rated as harmful/suspicious; And certain executable file was not known as 'trouble-file" (so -> launch/install - if it was ?! -> allowed);
And then certain payload do suspicious... but probably not critical things (with common meanings - if we talk about 'valid' software); But this is based on articles (not sure - how it was indeed);
I also not sure -> if Malwarebytes under your system detected "trojan.netya" about CCleaner (?!); Does it possible to re-check any Malwarebytes scan logs about destination/path or so (just as re-sure what file/items did trigger such detection);
And if this is based on CCLeaner (and your system was one of 'systems' with installed compromissed CCleaner) --> indeed good to receive answer/explanation about potential abilities of F-Secure. Such as -> if there was such suspicious activities - why any of layers do not prompted something. Or even... this is not analysed properly (based on current public statistics -> count for detection about "Trojan.PRForm.A, Backdoor.Agent.ABXS" is quite large. And for backdoor-part more stable count);
Possible to trigger Full Scan by F-Secure (as re-check that your system do not have any 'not active' files from this situation);Thanks!
// added at 25.09.2017:
under piriform's community-forum published probably useful reply (with potential steps - where system can be with trouble and when maybe not):
https://forum.piriform.com/index.php?showtopic=48869&page=11#entry286985
