What should Avast do with CCleaner backdoor?

What should Avast do to satisfy people affected by the CCleaner Trojan infection.

  • Nothing. Avast is just the owner.

    Votes: 22 25.6%

  • Provide a specific removal tool, because Talos (security experts) advise image recovery

    Votes: 48 55.8%

  • Provide a give away or discount for the Avast paid version

    Votes: 12 14.0%

  • Provide a give away or discount for the CCleaner paid version

    Votes: 22 25.6%

  • Other please specify

    Votes: 14 16.3%
  • Total voters
    86
  • Poll closed .
5

509322

Peter2150 said:
Blah. I bet no one posting in this thread has ever owned a business, or had a clue.
Click to expand...

It's just a bit more than frustrating when learning resources are consolidated here at MalwareTips for user convenience and education - right at the fingertips - and very few bother to avail themselves of any of the resources.
 
  • Like
Reactions: roger_m, mlnevese and Weebarra
Weebarra

Weebarra

Level 17
Verified
Top Poster
Well-known
Apr 5, 2017
836
I voted for provide a removal tool, i didn't use CC cleaner myself anymore( after it removed something from my registry twice but that was probably something i checked or unchecked after or during the installation) my reason for voting that option is that for just the average joe bloggs home user (me, with next to no knowledge) i wouldn't feel comfortable deleting things from the registry and i don't think i should be expected to. I believe that if they provide this, there is no need to offer discounts etc as no real damage was done to anyones pc from what i gather.

Captain Awesome said:
NO.It is not avast's fault.They just acquired a company (Piriform).It is Piriform's fault.
Click to expand...

Surely when Avast acquired CCcleaner/Piriform they also inherit the responsibility of the software, you don't get to pick and choose which bits you want to keep, it's a package.
 
  • Like
Reactions: frogboy, Sunshine-boy and plat1098
hamo

hamo

Level 10
Verified
Well-known
Mar 30, 2014
468
Intersting ..!
Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk

CONCLUSION
This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates. In many organizations data received from commonly software vendors rarely receives the same level of scrutiny as that which is applied to what is perceived as untrusted sources. Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected. Cisco Talos continues to monitor all aspects of the threat landscape to quickly identify new and innovative techniques used by attackers to target organizations and individuals around the world.
 
  • Like
Reactions: Weebarra, frogboy, Venustus and 1 other person
spaceoctopus

spaceoctopus

Level 16
Verified
Top Poster
Content Creator
Well-known
Jul 13, 2014
766
hamo said:
Intersting ..!
Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk

CONCLUSION
This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates. In many organizations data received from commonly software vendors rarely receives the same level of scrutiny as that which is applied to what is perceived as untrusted sources. Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected. Cisco Talos continues to monitor all aspects of the threat landscape to quickly identify new and innovative techniques used by attackers to target organizations and individuals around the world.
Click to expand...
Well, Cisco Talos is using this ''event'' for some marketing and manipulations to make some cash ;)
 
  • Like
Reactions: Weebarra, frogboy, Venustus and 4 others
R2D2

R2D2

Level 6
Verified
Well-known
Aug 7, 2017
270
Analysed a late August and an early Sept Macrium image of my C drive (over 60 full/incremental images are saved based on retention rules) to check if my PC was infected. My Start Menu shortcuts always ran the x64 version which did not have the malware payload. Phew! Dodged a bullet there.

What should Avast do? Well, it IS Avast's baby now and they ought to clean up the mess. Firstly, tighten development/build server security to ensure this never happens again. Publish removal instructions and better still offer a free removal tool that makes it easy for users to get rid of the malware. Not every Windows user is comfortable editing the Windows registry.
 
Last edited:
  • Like
Reactions: brambedkar59, spaceoctopus, Weebarra and 4 others
S

shadek

Level 1
Aug 20, 2017
17
I was shocked when I heard of this. Luckily, I (for some reason I don't remember) had disabled the update check setting so I never updated from .32 to .33. Updated to .35 now since we can't know for sure if .32 was infected.

I think they should provide a cleanup tool for the mess they infected the users with. I can't see why they should give away their or Avast products for free though.
 
  • Like
Reactions: spaceoctopus, Weebarra, Venustus and 3 others
R

roger_m

Level 42
Verified
Top Poster
Content Creator
Dec 4, 2014
3,136
omidomi said:
Hi
I choose "Provide a specific removal tool, because Talos (security experts) advise image recovery"
Click to expand...
Avast say there's no need to restore your system:
we don't consider the advice to reformat and/or restore the affected machines to the pre-August 15 state to be based on facts (by similar logic, security companies are not usually advising customers to reformat their machines after a remote code execution vulnerability is identified on their computer, just because there was a hypothetical possibility that something might have gotten in).
Click to expand...
 
  • Like
Reactions: ElectricSheep, spaceoctopus, Weebarra and 2 others
5

509322

Captain Awesome said:
Progress on CCleaner Investigation by the Avast Security Threat Labs team
Progress on CCleaner Investigation
Click to expand...

Everybody has these moments. Everybody...

"Now I gotta revise what I said..."

Doh.jpg
 
Last edited by a moderator:
  • Like
Reactions: Behold Eck, mlnevese, Weebarra and 2 others
You must log in or register to reply here.

Similar threads

Nunzio_77
    • Like
Serious Discussion Data leak: Avast Free or Bitdefender Free?
Replies
28
Views
2,430
General Security Discussions
ifacedown
ifacedown
M
    • Like
    • +Reputation
New Update NEW Avast version 24.3
Replies
1
Views
761
Avast
Bot
Bot
lokamoka820
    • Like
Hot Take Best Linux Distributions To Replace Windows
Replies
56
Views
2,222
ChromeOS & Linux
Spiff
Spiff

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top