[Cryptography] Is "drivers for foo" a major malware vector?
Tom Mitchell
mitch at niftyegg.com
Mon Apr 18 20:09:23 EDT 2016
On Sun, Apr 17, 2016 at 3:32 PM, Ray Dillinger <bear at sonic.net> wrote:
>
> I recently went to the Internet to search for a possible
> replacement for a device one of whose virtues was that
> there has never been any driver requirement whatsoever.
>
.....
>
> Nevertheless, when I searched for a possible replacement,
> I came up with hundreds and hundreds of sites that were
> offering free downloads of the drivers.
> ....
> advice?
>
For some time now this has been a thing.
Not always a virus but repackaged with stuff
that most really do not wish to have.

Almost all the "source"-hub packages can also be downloaded
from a long list of sites and most are repackaged with stuff not
related to the project.

I see three problems to start:
* malware
* virus vector
* misappropriation of trademark

An early step is to contact the maker and have them
put up a no-file-needed download page.

As a collection of sites it is possible that many
have been hacked by a single bad actor and
that is illegal enough to notify law enforcement.

Many antivirus and malware product vendors have
automated tools to submit bad web sites.

I stumbled on a hacked website once and, after looking at the
hack from a 'safe' machine, I was able to craft a Google search
that made it easy to find many more. The key was a set of URIs that
went to a smaller set of sites selling drugs from offshore.
A couple of emails and a week later they all went away.

It does pay to do a Google site:search.your.com
for a list of drug names and other cruft that you
would never knowingly include.
--
T o m M i t c h e l l
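
The self-check suggested in the message above can also be run against pages fetched from your own site. This is an added example, not part of the original message: it flags pages containing terms you would never knowingly publish and counts the off-site hosts those pages link to, since a small shared set of destinations is what tied the hacked pages together in the anecdote. The host names, watch terms and page bodies are constructed placeholders.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample input: substitute pages fetched from your own site.
OWN_HOSTS = {"www.example.com"}
WATCH_TERMS = {"pharmacy", "pills", "casino"}  # placeholder watch list
PAGES = {
    "https://www.example.com/":
        '<h1>Widgets</h1><a href="/docs">Docs</a> '
        '<a href="https://vendor.example.org/">Vendor</a>',
    "https://www.example.com/about":
        '<p>About us</p><div style="display:none">'
        '<a href="http://pills.example.net/buy">cheap pills online</a></div>',
    "https://www.example.com/old/faq":
        '<p>FAQ</p><a href="http://pills.example.net/rx">discount pharmacy</a>',
}

class _Collector(HTMLParser):
    """Collects link targets and all text, including text hidden by CSS."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def audit_page(html, own_hosts, watch_terms):
    """Return (off-site link hosts, watch terms present) for one page."""
    c = _Collector()
    c.feed(html)
    # Relative links have no hostname and are dropped; hostname is lowercased.
    hosts = {urlparse(h).hostname for h in c.hrefs} - {None} - set(own_hosts)
    words = set(re.findall(r"[a-z0-9]+", " ".join(c.text).lower()))
    return hosts, words & set(watch_terms)

def audit_site(pages, own_hosts, watch_terms):
    """Flag pages containing watch terms; count hosts shared across them."""
    flagged, host_counts = {}, Counter()
    for url, html in pages.items():
        hosts, terms = audit_page(html, own_hosts, watch_terms)
        if terms:
            flagged[url] = (sorted(hosts), sorted(terms))
            host_counts.update(hosts)
    return flagged, host_counts

if __name__ == "__main__":
    print(audit_site(PAGES, OWN_HOSTS, WATCH_TERMS))
```
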