According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus
According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus.

Would someone confirm or deny this?

Warning: DO NOT OPEN THE .DOC!
Disclaimer: Nothing personal against Debian

https://lists.debian.org/debian-consultants/2016/01/msg00000.html
links to:
https://lists.debian.org/debian-consultants/2016/01/docyrW4BlUhzH.doc

Submitting the last .doc URL at:
https://www.virustotal.com
and then going to:
Go to downloaded file analysis
gives:
https://www.virustotal.com/en/file/c7210dc26e00a0d9f9bf8fb3b4850d52b62bb5836...

SHA256: c7210dc26e00a0d9f9bf8fb3b4850d52b62bb5836a7fa34bb669fc1b1553005e
File name: docyrW4BlUhzH.doc
Detection ratio: 17 / 54

the first few results are:

AVG         W97M/Downloader                     20160303
AVware      Trojan-Downloader.O97M.Adnel.n (v)  20160303
AegisLab    W97M.Gen!c                          20160303
Arcabit     HEUR.VBA.Trojan.e                   20160303
Avast       VBA:Downloader-ABC [Trj]            20160303
ESET-NOD32  VBA/TrojanDownloader.Agent.AOM      20160303

and some report it as clean.

The .doc is downloadable with the same checksum.
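A static check in the spirit of the post above (compare the checksum, never open the file), as an added example that is not part of the original thread: it hashes the raw bytes and looks for the OLE2 signature and a `_VBA_PROJECT` directory entry, which legacy Word files carrying macros contain. The function names and the sample bytes are constructed for illustration; the reported SHA256 is the one quoted in the post.

```python
import hashlib
import sys

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # Compound File Binary signature
# OLE2 directory entry names are stored as UTF-16LE, uncompressed.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")

# SHA256 quoted in the post above.
REPORTED_SHA256 = "c7210dc26e00a0d9f9bf8fb3b4850d52b62bb5836a7fa34bb669fc1b1553005e"


def triage(data: bytes, expected_sha256: str) -> dict:
    """Inspect raw bytes only; no Office parser or application touches them."""
    digest = hashlib.sha256(data).hexdigest()
    is_ole2 = data.startswith(OLE2_MAGIC)
    return {
        "sha256": digest,
        "matches_report": digest == expected_sha256.lower(),
        "is_ole2": is_ole2,
        # Heuristic: a VBA project stream name inside an OLE2 container.
        "has_vba_storage": is_ole2 and VBA_MARKER in data,
    }


def build_constructed_sample(with_macros: bool) -> bytes:
    """Constructed stand-in (not a real document): magic, padded header,
    then fake 128-byte directory entries."""
    names = ["Root Entry", "WordDocument"]
    if with_macros:
        names.append("_VBA_PROJECT")
    header = OLE2_MAGIC.ljust(512, b"\x00")
    entries = b"".join(n.encode("utf-16-le").ljust(128, b"\x00") for n in names)
    return header + entries


if __name__ == "__main__":
    # Usage: python triage.py <path-to-quarantined-file>
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_constructed_sample(with_macros=True)
    for key, value in triage(blob, REPORTED_SHA256).items():
        print(f"{key}: {value}")
```

A `has_vba_storage` hit only says macros are present, not that they are malicious; `matches_report` ties a local copy to the VirusTotal result.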
On 03/03/2016 03:44 AM, Georgi Guninski wrote:
> According to www.virustotal.com, lists.debian.org are hosting attachment .DOC virus.
>
> Would someone confirm or deny this?
>
> Warning: DO NOT OPEN THE .DOC! Disclaimer: Nothing personal against Debian
>
> https://lists.debian.org/debian-consultants/2016/01/msg00000.html
> links to:
> https://lists.debian.org/debian-consultants/2016/01/docyrW4BlUhzH.doc

Well phooey. I wanted to see what ClamAV said about it and what the textual content was, but...

~/Desktop $ wget https://lists.debian.org/debian-consultants/2016/01/docyrW4BlUhzH.doc
[...]
(lists.debian.org)|82.195.75.100|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-03-03 04:49:28 ERROR 404: Not Found.

So, Bog only knows. I imagine it was uploaded by a user, probably one of them "Windoze apologists" who would rather fight than switch and probably don't know anything is wrong with their workstation.

:)
On Thu, Mar 03, 2016 at 04:57:15AM -0500, Steve Kinney wrote:
> phooey. I wanted to see what ClamAV said about it and what the textual content was, but...
>
> ~/Desktop $ wget https://lists.debian.org/debian-consultants/2016/01/docyrW4BlUhzH.doc
> [...]
> (lists.debian.org)|82.195.75.100|:443... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 2016-03-03 04:49:28 ERROR 404: Not Found.

Try scanning the .doc urls in virustotal from archive.org:

https://web.archive.org/web/20160303105351/https://lists.debian.org/debian-s...
https://web.archive.org/web/20160303105748/https://lists.debian.org/debian-h...

Make sure then to follow "Go to downloaded file analysis".
On Thu, Mar 03, 2016 at 01:07:39PM +0200, Georgi Guninski wrote:
> Try scanning the .doc urls in virustotal from archive.org:
>
> https://web.archive.org/web/20160303105351/https://lists.debian.org/debian-s...
> https://web.archive.org/web/20160303105748/https://lists.debian.org/debian-h...
These are still alive even on debian, though I told this to two debian developers in private mail. One of them suggested to clean their site by clicking "report as spam": https://lists.debian.org/debian-legal/2016/03/msg00005.html
Participants (2): Georgi Guninski, Steve Kinney