Technical details: https://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
There is a similar blog post from the affected company: http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
We’re more on the technical side here, so please prefer submitting the technical stuff instead of news writeups.
(Keep news writeups on HN. <3 )
Perhaps worth a merge with a nearly simultaneous submission: CCleanup: A Vast Number of Machines at Risk
I’m actually pretty conflicted about this because if a tool is justified and needed (passes all checks from security/devops/IT/etc.) and is installed on a system, how often do you update? Update whenever a new version is released? Wait a week or a month? Never update? Update only when told to update from IT or whomever?
But then what about personal computers where you do not have some sort of safeguard? People always say to update to the latest version of software to keep secure and to get the bug fixes. However, in this case, it would have been potentially bad. A lot of damage could have been done in that short amount of time.
TBH you should be able to sue companies for distributing malware to your computer.