Jump to content

Possible compromised installer on downloads page


tylermontney

Recommended Posts

I saw the last few posts here complaining about it, so not trying to be redundant.

Main Concern

I originally downloaded the installer from the one hosted by ImgBurn. Malwarebytes picked it up and quarantined it. I uploaded it to VirusTotal, and got 31/68 reporting it bad. Downloaded from 3 other mirrors (listed below) and they were only 1/68. Hash from those 3 are the same, and don't match the hosted one. It's one thing for a hash mismatch, and it's another to have this much disparity between hashes. MD5/SHA matches the ImgBurn hosted one, but not the other 3.

I noticed in one of the posts where someone was suggesting the installer was a virus, the author said something like "do you think a tool since 2005 could be a virus". It's not that I question where ImgBurn itself is valid. I've used it for quite some time. It's whether I trust the hosting itself. This has happened to other software developers where someone's compromised the server and replaced the existing copy with a bad one. Example: https://www.bleepingcomputer.com/news/security/ccleaner-compromised-to-distribute-malware-for-almost-a-month/

Also, I couldn't download from the other two mirrors. One, Malwarebytes blocked from loading, the other just wouldn't download. I'd also say half the mirrors are sketchy, and ad-ridden (giving you fake download links, bundling PUPs, or trying to get you to use a download manager). I'm not sure why some of these were chosen, but they really need to be reviewed. Heck, many of those mirrors may all be AWS/Azure/Google/etc. now (meaning no redundancy).

tl;dr

Author, it seems possible your own hosting has been compromised and a fake copy of ImgBurn is being hosted. Although it's very possible it's a false positive, I'd appreciate a review as it's very confusing and should be fixed anyway.

Virus Total Links

ImgBurn copy: https://www.virustotal.com/gui/file/d7dea2819edc77bc44db637cd324e61942b54930cb3034f8f1a417b7dd27b514/detection
Major Geeks/Softpedia/Free-Codecs: https://www.virustotal.com/gui/file/49aa06eaffe431f05687109fee25f66781abbe1108f3f8ca78c79bdec8753420/detection

PS: Does ImgBurn support converting MacOS .dmgs to bootable iso? (This is the main reason I was downloading it.)

Edited by tylermontney
Link to comment
Share on other sites

ImgBurn doesn't do any image conversion at all.  It just burns what you feed it.  It can create images, but not convert between types.  And, I don't think Mac is supported, so ImgBurn couldn't create those images, anyway, even if you did feed it a bunch of files to make it bootable.

Link to comment
Share on other sites

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.