[fpc-devel] [Core] Dangerous download on bug report
Michael Van Canneyt
michael at freepascal.org
Wed Feb 24 08:35:55 CET 2021
I am also using Mozilla Firefox.
Michael.
On Wed, 24 Feb 2021, J. Gareth Moreton via fpc-devel wrote:
> It was through Mozilla Firefox though, so it might behave differently on
> different browsers.
>
> On 24/02/2021 07:28, J. Gareth Moreton via fpc-devel wrote:
>>
>> I tried to download the file but the link had me download an installer for
>> the file instead, which installed malware.
>>
>> Gareth aka. Kit
>>
>> On 24/02/2021 07:25, Michael Van Canneyt via fpc-devel wrote:
>>>
>>> Gareth,
>>>
>>> I don't know what you've been doing on that site, but I downloaded the
>>> bugreport
>>> file without problems. I didn't have to install anything, just downloaded
>>> a
>>> zip without the need to download or install anything else. The zip file
>>> contains only (a lot of) pascal files.
>>>
>>> I agree the method is somewhat unusual but as far as I can see the
>>> download
>>> is bona fide.
>>>
>>> Michael.
>>>
>>>
>>> On Wed, 24 Feb 2021, J. Gareth Moreton wrote:
>>>
>>>> A follow-up. I did some research on one of the 3rd party tools that was
>>>> installed... IdleBuddy. IT IS MALWARE. Specifically it is a crypto
>>>> miner (one that uses your resources and gives the credit to someone
>>>> else).
>>>>
>>>> Ironically, I use my laptop for crypto mining, so all my hardware
>>>> resources are in use anyway! Still, you bet I'm going to be giving my
>>>> laptop a thorough scan now. Curses.
>>>>
>>>> Gareth aka. Kit
>>>>
>>>> On 24/02/2021 05:54, J. Gareth Moreton via fpc-devel wrote:
>>>>> Hi everyone,
>>>>>
>>>>> This is a bit of a public service announcement. I tried to look at this
>>>>> bug:
>>>>>
>>>>> https://bugs.freepascal.org/view.php?id=38451
>>>>>
>>>>> The poster offered a ZIP download of their project, but it's hosted by a
>>>>> questionable site, since it requires browser add-ons (including Adobe
>>>>> Flash) and a client program (which apparently was digitally signed and
>>>>> recognised by Windows). It installed Opera and a number of 3rd Party
>>>>> Windows Services without permission. I've managed to uninstall said
>>>>> programs, and now I'm running a full virus scan because, frankly, I
>>>>> don't trust everything to be gone.
>>>>>
>>>>> I made a post on the bug report suggesting the author use a different
>>>>> download provider. But long story short, DO NOT DOWNLOAD FROM THE LINK
>>>>> PROVIDED.
>>>>>
>>>>> Gareth aka. Kit
>>>>>
>>>>>
>>>>
>>>> --
>>>> This email has been checked for viruses by Avast antivirus software.
>>>> https://www.avast.com/antivirus
>>>>
>>>> _______________________________________________
>>>> core site list
>>>> core at freepascal.org
>>>> https://idefix.freepascal.org/cgi-bin/mailman/listinfo/core
>>>>
>>>
>>> _______________________________________________
>>> fpc-devel maillist -fpc-devel at lists.freepascal.org
>>> https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-devel
>>
>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>> Virus-free. www.avast.com
>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>>
>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>
>> _______________________________________________
>> fpc-devel maillist - fpc-devel at lists.freepascal.org
>> https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-devel
>
More information about the fpc-devel
mailing list