Malware in latest Win x64 download

classic Classic list List threaded Threaded
6 messages Options
MR ZenWiz MR ZenWiz
Reply | Threaded
Open this post in threaded view
|

Malware in latest Win x64 download

I just downloaded the 5.3.2 Windows installer for 64-nit machines, and
the following two pieces of malware were detected on installation:

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/crck_jbean

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/crck_keygen

If this is normal, why?

If not, can it be fixed?

Thanks.
MR

--
To unsubscribe e-mail to: [hidden email]
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Cley Faye Cley Faye
Reply | Threaded
Open this post in threaded view
|

Re: Malware in latest Win x64 download

2017-04-10 22:15 GMT+02:00 MR ZenWiz <[hidden email]>:

> If this is normal, why?
>
> If not, can it be fixed?
>

​No, it is not normal. Although contamination of the official builds are
not impossible, it is however less likely to happen than the following:

- Download from a suspicious source. Always grab your download links from ​
https://www.libreoffice.org/download/download/ . It will redirect you to an
official mirror
- Corrupted/intercepted download because of an already infected system: you
can check the downloaded file fingerprint to make sure it matches the ones
listed here:
https://download.documentfoundation.org/libreoffice/stable/5.3.2/win/x86/LibreOffice_5.3.2_Win_x86.msi.mirrorlist
- False positive. On occasion, some AV software report false positives.

So, first question is: did you download it from the official site, second
is did the download was corrupted?

--
To unsubscribe e-mail to: [hidden email]
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
TomD TomD
Reply | Threaded
Open this post in threaded view
|

Re: Malware in latest Win x64 download

Hi :)
So md5sum or Sha checksums might help.  This article might help but i
haven't used the tools it recommends;
https://www.howtogeek.com/67241/htg-explains-what-are-md5-sha-1-hashes-and-how-do-i-check-them/

It's been a long time since i checked things in that way but it'd probably
be a good idea for me to be a bit less trusting.
Good luck and regards from
Tom :)





On 10 April 2017 at 21:24, Cley Faye <[hidden email]> wrote:

> 2017-04-10 22:15 GMT+02:00 MR ZenWiz <[hidden email]>:
>
> > If this is normal, why?
> >
> > If not, can it be fixed?
> >
>
> ​No, it is not normal. Although contamination of the official builds are
> not impossible, it is however less likely to happen than the following:
>
> - Download from a suspicious source. Always grab your download links from ​
> https://www.libreoffice.org/download/download/ . It will redirect you to
> an
> official mirror
> - Corrupted/intercepted download because of an already infected system: you
> can check the downloaded file fingerprint to make sure it matches the ones
> listed here:
> https://download.documentfoundation.org/libreoffice/stable/5.3.2/win/
> x86/LibreOffice_5.3.2_Win_x86.msi.mirrorlist
> - False positive. On occasion, some AV software report false positives.
>
> So, first question is: did you download it from the official site, second
> is did the download was corrupted?
>
> --
> To unsubscribe e-mail to: [hidden email]
> Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-
> unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.libreoffice.org/global/users/
> All messages sent to this list will be publicly archived and cannot be
> deleted
>

--
To unsubscribe e-mail to: [hidden email]
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
krackedpress krackedpress
Reply | Threaded
Open this post in threaded view
|

Re: Malware in latest Win x64 download

In reply to this post by Cley Faye
On 04/10/2017 04:24 PM, Cley Faye wrote:

> 2017-04-10 22:15 GMT+02:00 MR ZenWiz <[hidden email]>:
>
>> If this is normal, why?
>>
>> If not, can it be fixed?
>>
> ​No, it is not normal. Although contamination of the official builds are
> not impossible, it is however less likely to happen than the following:
>
> - Download from a suspicious source. Always grab your download links from ​
> https://www.libreoffice.org/download/download/ . It will redirect you to an
> official mirror
> - Corrupted/intercepted download because of an already infected system: you
> can check the downloaded file fingerprint to make sure it matches the ones
> listed here:
> https://download.documentfoundation.org/libreoffice/stable/5.3.2/win/x86/LibreOffice_5.3.2_Win_x86.msi.mirrorlist
> - False positive. On occasion, some AV software report false positives.
>
> So, first question is: did you download it from the official site, second
> is did the download was corrupted?
>
This potential contaminations issues is one reason why I stopped
"officially" making a DVD with LibreOffice [all available platforms] and
documentation.

I believe that there were false positive issues a few years ago.  This
is a lesson for always checking your newly downloaded Windows packages
through you security software.  I run several to cover "most
posibilities".  That is one reason I use Windows 10 as little as
possible and Ubuntu Linux as my default OS.



--
To unsubscribe e-mail to: [hidden email]
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
m.a.riosv m.a.riosv
Reply | Threaded
Open this post in threaded view
|

Re: Malware in latest Win x64 download

In reply to this post by TomD
Three weeks ago I reported what I supposed was a false positive to Avira antivirus about LibreOffice development versions, it was accepted as false positive and solved on a few days.
Miguel Ángel
MR ZenWiz MR ZenWiz
Reply | Threaded
Open this post in threaded view
|

Re: Malware in latest Win x64 download

In reply to this post by Cley Faye
On Mon, Apr 10, 2017 at 1:24 PM, Cley Faye <[hidden email]> wrote:
> 2017-04-10 22:15 GMT+02:00 MR ZenWiz <[hidden email]>:
>
>> If this is normal, why?
>>
>> If not, can it be fixed?
>
:
> So, first question is: did you download it from the official site, second
Yes - LO direct.

> is did the download was corrupted?
I'll have to check when I get back to work, but I have doubts.

The false positive is at least as likely.

Thanks.

--
To unsubscribe e-mail to: [hidden email]
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted