back to article Avast lobs intruders into the 'Abiss': Miscreants tried to tamper with CCleaner after sneaking into network via VPN

On Monday, security biz Avast said it believes some of its credentials were stolen and abused in an unsuccessful attempt to subvert CCleaner, a file cleanup utility that it acquired in 2017. Jaya Baloo, CISO at Avast Software, said in a blog post that the security shop spotted suspicious behavior on its network last month and …

  1. Anonymous Coward
    Anonymous Coward

    If you haven't already...

    Ditch Avast.

    I like the bit in the middle of the article:

    'The attack was able to use compromised credentials through a temporary VPN profile that had been activated by mistake and didn't have two-factor authentication enabled.'

    This is from what is (or is pretending to be) a computer security company, really!

    Seems a bit strange every time a company gets hacked the attack is always "extremely sophisticated".

    It may be true sometimes, but I doubt it is true as many times as the oft trotted out phrase is used.

    And in the case of a security company I would say it is ineptitude or complacency to blame rather then the sophistication of the attack.

    A bit like call centres' line of 'We're sorry but we're really busy right now' when they just can't be bothered to pay for the staff needed to provide the service.

    And thanks El Reg for reminding me of the CCleaner thing, not that I ever trust 'cleaner' utilities.

    1. Anonymous Coward
      Anonymous Coward

      Re: If you haven't already...


      Avast (may) have been a viable company at one point but over the last several years it has become more of a liability than anything else.

      Also, there are open-source alternatives to CC-Cleaner such as BleachBit if you need to regain disk space or delete temporary files without having to worry about any unwanted bundled software getting installed.

      1. Zippy´s Sausage Factory

        Re: If you haven't already...

        Upvote for BleachBit, thanks. CC has become a horrible bit of software I've been wanting to ditch for ages, although far too lazy to search for alternatives for, so I will give it a try.

      2. JCitizen

        Re: If you haven't already...

        So can LSO's and other file objects be deleted by "Bleach bit" like no other file cleaner I've EVER used can do? Just wondering? This is something I've proved over and over again using various scanners after a Trojan or any other malware object has previously be detected. After detection, I've run CCleaner and repeated various scans with various products, and never found the original script or batch file that caused the attempted infection in the first place.

        If Avast's software is so ineffective, you have to ask yourself, why is it under attack? Yes I know Avast has become non sequitur after many years of success, but that is only because Microsoft operational security has become good enough that only a file cleaner need delete downloaded attack packages with ease. Now you better not have the UAC disabled, and the operating system not fully updated along with ALL applications. or opertated all the time as administrator online; But I've noticed again and again in my honeypot lab that past versions of CCleaner have proved they can remove anything that has not been able to execute - which is almost any thing that cannot take advantage of a zero day vulnerably installed on the machine.

        So how bout it?

    2. Cavehomme_

      Re: If you haven't already...

      I’m not an Avast user for many years, but at least they are being transparent and it wouldn’t surprise me if others have been compromised too.

  2. ken jay

    i am probably not the best person to comment on avast as i still use avg free and i have not been subject to any malware or virus attacks since the late 90`s. because i am far too dilligent to allow myself to install software that is only open source and verified by its users.

    1. Jimmy2Cows Silver badge

      That's just great, congrats. Whilst you're here, care to share any other personal awesomeness with us?

    2. renniks

      eh, Avast bought AVG a couple of years back?

  3. YetAnotherJoeBlow

    Just my opinion

    I think possibly the first compromise Avast had was perhaps more damaging than they realized. If I do not see a privilege escalation CVE from BIS, they either are not patching or their network is still compromised.

  4. Winkypop Silver badge

    Always wondered

    Wheteher it was a crap cleaner OR a crap cleaner?

    Seems it's a crap cleaner...

  5. Huw D

    Baloo? Does the bare necessities.

    1. DubyaG

      I remember that movie, saw it when I was a young sprout.

  6. Snorlax Silver badge

    Ye scurvy dogs

    Compromised creds

    'Temporary' VPN account was left enabled

    No 2FA on the VPN login

    Little (no?) monitoring for privilege escalation

  7. Unicornpiss

    Train wreck..

    From a security standpoint, this article reads like asking your teenage daughter where she's been and having her casually tell you "We were at the ER because of the accident." "What accident??" "Oh, Bobby had been drinking and the brakes went out on his motorcycle. He was distracted by his infected neck tattoo, so his reaction time was slow when the guy with the shotgun jumped out at us. Lucky I took too many pain killers so when I was thrown from the bike, I was so relaxed that I wasn't hurt at all."

    Avast compromised themselves years ago by spamming their users continually with Ads. A shame too, as they used to have one of the best freeware AV programs out there.

    1. ma1010
      Paris Hilton

      Re: Train wreck..

      I LOVE your conversation there. Makes me wonder if you've met my granddaughter.

      Paris because Paris is someone said granddaughter could only hope to match in intelligence.

  8. batfink

    It would be interesting to see...

    ...whether they can trace the source.

    Do we have "just plain villains" here or are the UK Security Services up to no good (again)?

    Full marks for trying though - from an evil point of view of course. Compromising well-known utilities which request system privileges sounds like a good way into a lot of machines.

  9. Anonymous Coward
    Anonymous Coward

    "Following its acquisition of CCleaner two years ago, Avast acknowledged that it had distributed a compromised version of the software that contained nefarious code"

    And they've been distributing compromised versions of CC ever since... too many popups and offers of crap to be installed with every new version... and the Android version did little apart from pop up reminders

  10. Dedobot

    CC is the first thing to be removed when a someone complains to me that his laptop is "slow". Its a malware from the beginning, not just accidentally last years. Like every "cleaner", "booster" using standard OS tools with funky UI.

    1. Anonymous Coward
      Anonymous Coward

      CC is the first thing to be removed

      I find it quite useful. They flagged the problem themselves, when the next update started displaying ads. I looked into this, went back to previous version, disabled updates and blocked any connection attempts via firewall. But I do use it, manually, every now and then. If users can't be arsed to take a single step because "too much hassle", then shut up and eat shit they feed you.

      1. steviebuk Silver badge

        Re: CC is the first thing to be removed

        Don't understand the downvote as yeah, the old versions are still useful.

  11. steviebuk Silver badge

    Avast fucked it all up

    When they bought ccleaner (for some reason I've always called in cc cleaner, glad not only one). Instead of leaving it as is, they've succeeded in fucking it up and filling it with crapware. When will these companies learn, buying something that is popular won't help you if you fuck with it. It was popular cause people liked it how it was. ):o(

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like