beamzer

  1. beamzer

    Malware on Digital Digest Mirror

    I just checked, and the link is indeed clean (confirmed with SHA-1 sum). Thanks for fixing this.
  2. beamzer

    Malware on Digital Digest Mirror

    That's way too easy, Digital Digest is presented as the #1 download site, top choice. You have a responsibility where you send your users to. I suppose you get money from them, can't think of any other reason why you would present this kind of dodgy site to your users. And if people complain about malware it's their own fault. Look at the screenshot from Digital Digest, people should not click the big download button, but the very little "here" at the end of the tucked away text in the lower left corner? Please take your users seriously and remove dodgy download sites. There are multiple complaints about malware on that download site, doing nothing about it and actively participating in sending users over there is unethical and might even be an offense.
  3. One of our users triggered the IDS with InstallCore traffic, this was because she installed ImgBurn. I decided to replay her actions on a Virtual Machine.

    Mirror 1 (top choice) from Digital Digest serves the file with added malware when you click their "Click here to Download" button. This redirects to:

    hxxp://www.fedutmit.com/i%3Epp8vg3v7ov/Setup_ImgBurn_2.5.8.0_XJx8ZB_dlm.exe

    Which has a SHA256sum of:

    1c37adfd742cd71799d571895937223ffa233737ede5cfbdeee1c6cf6f0cac92 Setup_ImgBurn_2.5.8.0_XJx8ZB_dlm_2771745258.exe

    and contains the InstallCore malware: https://www.virustotal.com/#/file/1c37adfd742cd71799d571895937223ffa233737ede5cfbdeee1c6cf6f0cac92/detection

    I went on with the installation, making sure not to click on special offers. Norton AV was offered (nice, offering AV and injecting malware in the same install) but nothing else. On the virtual PC Fapfoma/Unwaders was trying to be installed, see screenshots.

    We will be blocking ImgBurn for all our users to prevent this from happening again.