What should Avast do with CCleaner backdoor?

What should Avast do to satisfy people affected by the CCleaner Trojan infection?

  • Nothing. Avast is just the owner.

    Votes: 22 25.6%
  • Provide a specific removal tool, because Talos (security experts) advise image recovery

    Votes: 48 55.8%
  • Provide a give away or discount for the Avast paid version

    Votes: 12 14.0%
  • Provide a give away or discount for the CCleaner paid version

    Votes: 22 25.6%
  • Other please specify

    Votes: 14 16.3%

  • Total voters
    86
  • Poll closed.
509322

Blah. I bet no one posting in this thread has ever owned a business, or had a clue.

It's just a bit more than frustrating when learning resources are consolidated here at MalwareTips for user convenience and education - right at the fingertips - and very few bother to avail themselves of any of the resources.
 

Weebarra

I voted for provide a removal tool, I didn't use CCleaner myself anymore (after it removed something from my registry twice, but that was probably something I checked or unchecked after or during the installation). My reason for voting that option is that for just the average Joe Bloggs home user (me, with next to no knowledge) I wouldn't feel comfortable deleting things from the registry and I don't think I should be expected to. I believe that if they provide this, there is no need to offer discounts etc. as no real damage was done to anyone's PC from what I gather.

NO. It is not Avast's fault. They just acquired a company (Piriform). It is Piriform's fault.

Surely when Avast acquired CCleaner/Piriform they also inherit the responsibility of the software, you don't get to pick and choose which bits you want to keep, it's a package.
 

hamo

Interesting..!
Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk

CONCLUSION
This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates. In many organizations data received from commonly software vendors rarely receives the same level of scrutiny as that which is applied to what is perceived as untrusted sources. Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected. Cisco Talos continues to monitor all aspects of the threat landscape to quickly identify new and innovative techniques used by attackers to target organizations and individuals around the world.
 

spaceoctopus

Well, Cisco Talos is using this "event" for some marketing and manipulations to make some cash ;)
 

R2D2

Analysed a late August and an early Sept Macrium image of my C drive (over 60 full/incremental images are saved based on retention rules) to check if my PC was infected. My Start Menu shortcuts always ran the x64 version which did not have the malware payload. Phew! Dodged a bullet there.

What should Avast do? Well, it IS Avast's baby now and they ought to clean up the mess. Firstly, tighten development/build server security to ensure this never happens again. Publish removal instructions and better still offer a free removal tool that makes it easy for users to get rid of the malware. Not every Windows user is comfortable editing the Windows registry.
 
shadek

I was shocked when I heard of this. Luckily, I (for some reason I don't remember) had disabled the update check setting so I never updated from .32 to .33. Updated to .35 now since we can't know for sure if .32 was infected.

I think they should provide a cleanup tool for the mess they infected the users with. I can't see why they should give away their or Avast products for free though.
 

roger_m

Hi
I choose "Provide a specific removal tool, because Talos (security experts) advise image recovery"
Avast say there's no need to restore your system:
we don't consider the advice to reformat and/or restore the affected machines to the pre-August 15 state to be based on facts (by similar logic, security companies are not usually advising customers to reformat their machines after a remote code execution vulnerability is identified on their computer, just because there was a hypothetical possibility that something might have gotten in).
 
509322

Progress on CCleaner Investigation by the Avast Security Threat Labs team
Progress on CCleaner Investigation

Everybody has these moments. Everybody...

"Now I gotta revise what I said..."

