Avast lobs intruders into the 'Abiss': Miscreants tried to tamper with CCleaner after sneaking into network via VPN On Monday, security biz Avast said it believes some of its credentials were stolen and abused in an unsuccessful attempt to subvert CCleaner, a file cleanup utility that it acquired in 2017. Jaya Baloo, CISO at Avast Software, said in a blog post that the security shop spotted suspicious behavior on its network last month and …
Ditch Avast.
I like the bit in the middle of the article:
'The attack was able to use compromised credentials through a temporary VPN profile that had been activated by mistake and didn't have two-factor authentication enabled.'
This is from what is (or is pretending to be) a computer security company, really!
Seems a bit strange every time a company gets hacked the attack is always "extremely sophisticated".
It may be true sometimes, but I doubt it is true as many times as the oft trotted out phrase is used.
And in the case of a security company I would say it is ineptitude or complacency to blame rather then the sophistication of the attack.
A bit like call centres' line of 'We're sorry but we're really busy right now' when they just can't be bothered to pay for the staff needed to provide the service.
And thanks El Reg for reminding me of the CCleaner thing, not that I ever trust 'cleaner' utilities.
Agreed.
Avast (may) have been a viable company at one point but over the last several years it has become more of a liability than anything else.
Also, there are open-source alternatives to CC-Cleaner such as BleachBit if you need to regain disk space or delete temporary files without having to worry about any unwanted bundled software getting installed.
So can LSO's and other file objects be deleted by "Bleach bit" like no other file cleaner I've EVER used can do? Just wondering? This is something I've proved over and over again using various scanners after a Trojan or any other malware object has previously be detected. After detection, I've run CCleaner and repeated various scans with various products, and never found the original script or batch file that caused the attempted infection in the first place.
If Avast's software is so ineffective, you have to ask yourself, why is it under attack? Yes I know Avast has become non sequitur after many years of success, but that is only because Microsoft operational security has become good enough that only a file cleaner need delete downloaded attack packages with ease. Now you better not have the UAC disabled, and the operating system not fully updated along with ALL applications. or opertated all the time as administrator online; But I've noticed again and again in my honeypot lab that past versions of CCleaner have proved they can remove anything that has not been able to execute - which is almost any thing that cannot take advantage of a zero day vulnerably installed on the machine.
So how bout it?
From a security standpoint, this article reads like asking your teenage daughter where she's been and having her casually tell you "We were at the ER because of the accident." "What accident??" "Oh, Bobby had been drinking and the brakes went out on his motorcycle. He was distracted by his infected neck tattoo, so his reaction time was slow when the guy with the shotgun jumped out at us. Lucky I took too many pain killers so when I was thrown from the bike, I was so relaxed that I wasn't hurt at all."
Avast compromised themselves years ago by spamming their users continually with Ads. A shame too, as they used to have one of the best freeware AV programs out there.
...whether they can trace the source.
Do we have "just plain villains" here or are the UK Security Services up to no good (again)?
Full marks for trying though - from an evil point of view of course. Compromising well-known utilities which request system privileges sounds like a good way into a lot of machines.
"Following its acquisition of CCleaner two years ago, Avast acknowledged that it had distributed a compromised version of the software that contained nefarious code"
And they've been distributing compromised versions of CC ever since... too many popups and offers of crap to be installed with every new version... and the Android version did little apart from pop up reminders
I find it quite useful. They flagged the problem themselves, when the next update started displaying ads. I looked into this, went back to previous version, disabled updates and blocked any connection attempts via firewall. But I do use it, manually, every now and then. If users can't be arsed to take a single step because "too much hassle", then shut up and eat shit they feed you.
When they bought ccleaner (for some reason I've always called in cc cleaner, glad not only one). Instead of leaving it as is, they've succeeded in fucking it up and filling it with crapware. When will these companies learn, buying something that is popular won't help you if you fuck with it. It was popular cause people liked it how it was. ):o(
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
