[Cryptography] Is "drivers for foo" a major malware vector?

Tom Mitchell mitch at niftyegg.com
Mon Apr 18 20:09:23 EDT 2016


On Sun, Apr 17, 2016 at 3:32 PM, Ray Dillinger <bear at sonic.net> wrote:

>
> I recently went to the Internet to search for a possible
> replacement for a device one of whose virtues was that
> there has never been any driver requirement whatsoever.
>
.....

>
> Nevertheless, when I searched for a possible replacement,
> I came up with hundreds and hundreds of sites that were
> offering free downloads of the drivers.
> ....
> advice?
>

For some time now this has been a thing.
Not always a virus but repackaged with stuff
that most really do not wish to have.

Almost all the "source"-hub packages can also be downloaded
from a long list of sites and most are repackaged with stuff not
related to the project.

I see three problems to start:
  * malware
  * virus vector
  * misappropriation of trademark

An early step is to contact the maker and have them
put a no-file needed download page.

As a collection of sites it is possible that many
have been hacked by a single bad actor and
that is illegal enough to notify law enforcement.

Many anti-virus and malware product vendors have
automated tools to submit bad web sites.

I stumbled on a hacked website once and, after looking at the
hack from a 'safe' machine, I was able to craft a Google search
that made it easy to find many more.  The key was a set of URIs that
went to a smaller set of sites selling drugs from off shore.
A couple of emails and a week later they all went away.

It does pay to do a Google site:search.your.com
for a list of drug names and other cruft that you
would never knowingly include.




-- 
  T o m    M i t c h e l l
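The check Tom describes (search your own site for drug names and other cruft you never published, and look for the small set of off-shore hosts the injected links point at) can be run locally against a crawl or mirror of your pages instead of relying on a search engine's index. The script below is an added example, not code from the post or from the list; the host name `example-vendor.test`, the spam-term list, the `pills-offshore.test` host and the four HTML pages are all constructed for the demonstration. It parses each page with the standard library, flags pages whose text contains a listed term or whose outbound links sit inside a hidden element (`display:none`, `visibility:hidden`, or pushed off-screen), and counts external hosts across the whole site so that a host linked from many unrelated pages stands out.

```python
"""Scan a site's pages for injected SEO spam: listed terms, hidden blocks,
and outbound links that cluster on a small set of unrelated hosts.
Added example; all hosts, terms and pages below are constructed."""
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical vendor host and a short list of terms its pages would
# never knowingly contain (extend with your own list).
OWN_HOST = "example-vendor.test"
SPAM_TERMS = ("viagra", "cialis", "tramadol", "online pharmacy", "casino")

# Constructed sample pages: two clean, two carrying an injected hidden block.
PAGES = {
    "/index.html": "<html><body><h1>Example Vendor</h1>"
                   "<p>Our scanner needs no driver.</p>"
                   "<a href='/products/scanner.html'>Products</a></body></html>",
    "/products/scanner.html": "<html><body><h1>Scanner</h1>"
                   "<p>Plug and play, no download required.</p>"
                   "<div style='display:none'>Buy cheap viagra cialis at "
                   "<a href='http://pills-offshore.test/buy'>online pharmacy</a></div>"
                   "</body></html>",
    "/about.html": "<html><body><p>About us.</p>"
                   "<a href='https://www.w3.org/'>Standards</a></body></html>",
    "/support.html": "<html><body><p>Support</p>"
                   "<div style='position:absolute;left:-9999px'>tramadol "
                   "<a href='http://pills-offshore.test/rx'>order now</a></div>"
                   "</body></html>",
}

# Inline styles commonly used to keep injected content out of sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px", re.I)
VOID_TAGS = {"br", "img", "meta", "link", "input", "hr"}


class PageScanner(HTMLParser):
    """Collects page text, external link hosts, and links inside hidden elements."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host
        self.text = []
        self.external_hosts = []
        self.hidden_links = []
        self._stack = []  # one bool per open element: is it hidden?

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag not in VOID_TAGS:
            self._stack.append(bool(HIDDEN_STYLE.search(a.get("style") or "")))
        if tag == "a" and a.get("href"):
            host = urlparse(a["href"]).hostname
            if host and host != self.own_host:
                self.external_hosts.append(host)
                if any(self._stack):  # any ancestor hidden => link hidden
                    self.hidden_links.append(a["href"])

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._stack:
            self._stack.pop()

    def handle_data(self, data):
        self.text.append(data.lower())


def scan_page(path, html, own_host=OWN_HOST):
    """Return the spam terms, external hosts and hidden links found on one page."""
    p = PageScanner(own_host)
    p.feed(html)
    p.close()
    text = " ".join(p.text)
    return {"path": path,
            "spam_terms": [t for t in SPAM_TERMS if t in text],
            "external_hosts": p.external_hosts,
            "hidden_links": p.hidden_links}


def scan_site(pages, own_host=OWN_HOST):
    """Return the pages worth a look plus, per external host, how many pages
    link to it: a host reached from many unrelated pages is the 'key' worth
    chasing, as in the post."""
    flagged, host_counts = [], Counter()
    for path, html in pages.items():
        r = scan_page(path, html, own_host)
        host_counts.update(set(r["external_hosts"]))
        if r["spam_terms"] or r["hidden_links"]:
            flagged.append(r)
    return flagged, host_counts


if __name__ == "__main__":
    flagged, hosts = scan_site(PAGES)
    for r in flagged:
        print(f"{r['path']}: terms={r['spam_terms']} hidden={r['hidden_links']}")
    print("external hosts by number of linking pages:", hosts.most_common())
```

Run against a local mirror (for example the output of a crawler saved to disk) by filling `PAGES` from files; a page is worth reading by hand as soon as it carries a listed term or a link that only a parser, not a visitor, would ever see, and the host count tells you which single destination the injected links funnel into.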