CCleaner 5.35.6210 changelog:
- All builds signed with new Digital Signatures
Latest info from Avast about the hack. The popular belief that 64-bit was unaffected is not true. This was stated in the first disclosure but was changed in the second or third disclosure.
Additional information regarding the recent CCleaner APT security incident
The problem was that due to a crash of the database, there were only about 3.5 days’ worth of data. Our hypothesis was that this occurred because of the server running out of disk space on September 10, leading the operator to a full rebuild of the database.
However, further investigation revealed that the attackers backed up the data from the crashed CnC server to another server before rebuilding the database. Thanks to the continued work of the Avast Threat Labs team, the help from US law enforcement personnel, and also the help from the hosting provider ServerCrate and its founder.
The server’s IP address was 216.126.225.163, it featured the same self-signed SSL certificate (issued for speccy.piriform.com) and stack-wise, had a typical “LAMP” configuration: CentOS release 6.9 with Apache 2.2.15, PHP 5.3.3, but most importantly, a MySQL database that turned out to contain data going back to August 18.
Access to this backup server allowed us to assemble what we believe is the complete database (the only missing piece is a 40-hour window between 2017-09-10 19:03:18 and 2017-09-12 9:58:47 UTC, i.e. between the crash of the original CnC DB and the creation of the new one; it is not clear how the CnC server behaved in that period).
The main findings from the complete database are as follows:
- The total number of connections to the CnC server was 5,686,677.
- The total number of unique PCs (unique MAC addresses) that communicated with the CnC server was 1,646,536.
- The total number of unique PCs that received the 2nd stage payload was 40.
@Brink
New update for CCleaner released today. v5.36.6278 (24 Oct 2017)
CCleaner - Version History
v5.36.6278 (24 Oct 2017)
Browser Cleaning
- Firefox: updated Session cleaning rule to support changes in Firefox 56.0
- Chrome (& Chromium): updated Internet History cleaning rule to clean user activity data
- Opera: updated Internet History cleaning rule to clean user activity data
Default Cleaning Rules
- Windows Explorer: Most Recently Used documents and other MRU files no longer cleaned by default
- Windows Defender: Scan history no longer cleaned by default
- Microsoft Office: MRUs no longer cleaned by default
- Edge, Chrome/Chromium, Firefox, Opera, Safari, Thunderbird: Current session data no longer cleaned by default
Emergency Updater
- Added new executable: "CCUpdate.exe"
- Added new Windows Scheduled Task: "CCleaner Update"
I like the newly added feature for Firefox too. "Session Cleaning": you have to check mark it to enable this new feature, though.