Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ansi152.zip spreads Malware TR/Agent2.fhyp #36

Closed
paderEpiktet opened this issue Sep 27, 2012 · 4 comments
Closed

ansi152.zip spreads Malware TR/Agent2.fhyp #36

paderEpiktet opened this issue Sep 27, 2012 · 4 comments

Comments

@paderEpiktet
Copy link

Hello!

Please see

https://www.virustotal.com/url/a26790d7d675591c35fe79837a38c1883c36231a1433ae80a127ffa2a4c5364e/analysis/1348750694/

and

https://www.virustotal.com/file/b06028d5a83b7d34036bfe7f0c608ed3141f22c6dec42e910b588d404170650f/analysis/1348750746/

for the url

!!! do not click this url !!!
https://github.com/downloads/
adoxa/ansicon/ansi152.zip

!!! do not click this url !!!

With best regards

Andreas
@adoxa
Copy link
Owner

adoxa commented Sep 27, 2012

Sure, and look at the report for 1.53 and #30 for my response.

@adoxa adoxa closed this as completed Sep 27, 2012
@Donavan
Copy link

Donavan commented Sep 27, 2012

Dunno if malware is being served or not but I just received the following from our security folks:
This weekend McAfee anti-virus detected this software as Trojans GenericTRA-BE!0302913BDCF3 and Generic.dx!bf3c and deleted the infected software from a number of systems. Websense also has classified this website as hosting malicious software. As I previously stated, scanners from multiple vendors have detected the malware, which means malware in this software is not a false-positive. Most likely the source code was recompiled and uploaded with malware. This has happened in the past to other open-source projects. At the current time, we cannot allow access to this file via GitHub. I'm sorry this is causing difficulties, but your only alternative is to try locating the software via a mirror or alternate source that has not also been infected with malware. Once GitHub has cleaned up the issue at their end, Websense should automatically reclassify the site and allow access again.

@paderEpiktet
Copy link
Author

Hello Donavan,

this comment asks whether the url

      !!! do not click this   https://github.com/downloads/adoxa/
     ansicon/ansi152.zip  do not click this !!!

mentioned above is really blocked. Or is just the download site disabled that contains it?

A suggestion would be to differentiate between the zip - Archive and source code files it contains. It might be the case
content itself is okay but something happend when zipping it?

With best regards,

Andreas

@Donavan
Copy link

Donavan commented Sep 27, 2012

The source is fine to download. They're only blocking actual binaries. The version on my machine was removed by anti-virus, others on my team with an earlier version were left intact.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Donavan @adoxa @paderEpiktet