Today's Topics:

   1. [mingw] #38527: www.mingw.org is compromised and serving a
      trojaned installer (MinGW Notification List)
   2. [mingw] #38527: www.mingw.org is compromised and serving a
      trojaned installer (MinGW Notification List)
   3. [mingw] #38527: www.mingw.org is compromised and serving a
      trojaned installer (MinGW Notification List)
   4. [mingw] #38527: www.mingw.org is compromised and serving a
      trojaned installer (MinGW Notification List)


----------------------------------------------------------------------

Message: 1
Date: Wed, 22 Aug 2018 05:59:17 +0900
From: MinGW Notification List <[email protected]>
Subject: [MinGW-Notify] [mingw] #38527: www.mingw.org is compromised
        and serving a trojaned installer
To: OSDN Ticket System <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8

#38527: www.mingw.org is compromised and serving a trojaned installer

  Open Date: 2018-08-22 05:59
Last Update: 2018-08-22 05:59

URL for this Ticket:
    https://osdn.net//projects/mingw/ticket/38527
RSS feed for this Ticket:
    https://osdn.net/ticket/ticket_rss.php?group_id=3917&tid=38527

---------------------------------------------------------------------

Last Changes/Comment on this Ticket:
2018-08-22 05:59 Updated by: ascendr
 * New Ticket "www.mingw.org is compromised and serving a trojaned installer" created



---------------------------------------------------------------------
Ticket Status:

      Reporter: ascendr
         Owner: keith
          Type: Issues
        Status: Open [Owner assigned]
      Priority: 9 - Highest
     MileStone: (None)
     Component: INSTALLER
      Severity: 5 - Medium
    Resolution: None
---------------------------------------------------------------------

Ticket details:

www.mingw.org is compromised and is serving a trojaned installer.

Trojaned mingw installer is being served from
www.mingw.org/sites/www.mingw.org/files/releases/mingw-get-setup.exe

The trojan file is 470K instead of the expected 85K

The entire /sites child path has Index of (directory traversal) enabled.

The trojaned installer seems to install a Banking Trojan.



-- 
Ticket information of MinGW - Minimalist GNU for Windows project
MinGW - Minimalist GNU for Windows Project is hosted on OSDN

Project URL: https://osdn.net/projects/mingw/
OSDN: https://osdn.net

URL for this Ticket:
    https://osdn.net//projects/mingw/ticket/38527
RSS feed for this Ticket:
    https://osdn.net/ticket/ticket_rss.php?group_id=3917&tid=38527


------------------------------

Message: 2
Date: Wed, 22 Aug 2018 06:11:07 +0900
From: MinGW Notification List <[email protected]>
Subject: [MinGW-Notify] [mingw] #38527: www.mingw.org is compromised
        and serving a trojaned installer
To: OSDN Ticket System <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8

#38527: www.mingw.org is compromised and serving a trojaned installer

  Open Date: 2018-08-22 05:59
Last Update: 2018-08-22 06:11

URL for this Ticket:
    https://osdn.net//projects/mingw/ticket/38527
RSS feed for this Ticket:
    https://osdn.net/ticket/ticket_rss.php?group_id=3917&tid=38527

---------------------------------------------------------------------

Last Changes/Comment on this Ticket:
2018-08-22 06:11 Updated by: ascendr

Comment:

MD5 (mingw-get-setup.exe) = 15d6548423be7a23a516ba0fe4afd65a

https://www.virustotal.com/#/file/32d903bd0cfdad8cba650e0c643ced6e8c50479259073b587182f86a0912b208/detection



---------------------------------------------------------------------
Ticket Status:

      Reporter: ascendr
         Owner: keith
          Type: Issues
        Status: Open [Owner assigned]
      Priority: 9 - Highest
     MileStone: (None)
     Component: INSTALLER
      Severity: 5 - Medium
    Resolution: None
---------------------------------------------------------------------


------------------------------

Message: 3
Date: Tue, 21 Aug 2018 22:59:33 +0100
From: MinGW Notification List <[email protected]>
Subject: [MinGW-Notify] [mingw] #38527: www.mingw.org is compromised
        and serving a trojaned installer
To: OSDN Ticket System <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8

#38527: www.mingw.org is compromised and serving a trojaned installer

  Open Date: 2018-08-21 21:59
Last Update: 2018-08-21 22:59

URL for this Ticket:
    https://osdn.net//projects/mingw/ticket/38527
RSS feed for this Ticket:
    https://osdn.net/ticket/ticket_rss.php?group_id=3917&tid=38527

---------------------------------------------------------------------

Last Changes/Comment on this Ticket:
2018-08-21 22:59 Updated by: keith
 * Status Update from Open to Closed

 * Owner Update from keith to (None)

 * Resolution Update from None to Invalid

 * Component Update from INSTALLER to WEBSITE


Comment:

Thank you for the report. I've closed it as invalid, for the following reasons:

 1. It is not an "installer" issue, (as you've specified); it is a "website"
    issue, and mingw.org does not serve the installer.
 2. You've exceeded your authority, by assigning to me, in spite of explicit
    instructions telling you that you must not do so.

Notwithstanding, I have removed the "Download Installer" button from the
website; I don't know how, or where, to fix the bad action which is associated
with it ... an action which, for me, delivers a zero-length file, (not the
470kb monster, to which you allude). The correct action would have been to
invoke a download from
https://osdn.net/projects/mingw/downloads/68260/mingw-get-setup.exe
(size being 91kb, and 4 of 66 virus scanners report known false positives),
but, as noted, I don't know how to make that happen.



---------------------------------------------------------------------
Ticket Status:

      Reporter: ascendr
         Owner: (None)
          Type: Issues
        Status: Closed
      Priority: 9 - Highest
     MileStone: (None)
     Component: WEBSITE
      Severity: 5 - Medium
    Resolution: Invalid
---------------------------------------------------------------------


------------------------------

Message: 4
Date: Wed, 22 Aug 2018 07:35:17 +0900
From: MinGW Notification List <[email protected]>
Subject: [MinGW-Notify] [mingw] #38527: www.mingw.org is compromised
        and serving a trojaned installer
To: OSDN Ticket System <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8

#38527: www.mingw.org is compromised and serving a trojaned installer

  Open Date: 2018-08-22 05:59
Last Update: 2018-08-22 07:35

URL for this Ticket:
    https://osdn.net//projects/mingw/ticket/38527
RSS feed for this Ticket:
    https://osdn.net/ticket/ticket_rss.php?group_id=3917&tid=38527

---------------------------------------------------------------------

Last Changes/Comment on this Ticket:
2018-08-22 07:35 Updated by: ascendr

Comment:

If you can assist in forwarding this information to the right people who
support the mingw.org website, that would be great. The site is compromised
and serving malware.



---------------------------------------------------------------------
Ticket Status:

      Reporter: ascendr
         Owner: (None)
          Type: Issues
        Status: Closed
      Priority: 9 - Highest
     MileStone: (None)
     Component: WEBSITE
      Severity: 5 - Medium
    Resolution: Invalid
---------------------------------------------------------------------


------------------------------

_______________________________________________
MinGW-Notify mailing list
[email protected]
https://lists.osdn.me/mailman/listinfo/mingw-notify


End of MinGW-Notify Digest, Vol 11, Issue 3
*******************************************
