[SAC] Malware alarm: QGIS, ... sites
Hamish
hamish_b at yahoo.com
Sat Aug 8 18:22:53 PDT 2015
>> Mmm, I googled some online scanners...
>>
>> This one:
>>
>> http://quttera.com/detailed_report/www.qgis.org
>>
>> Reports 3 'malicious files':
>>
>> Detected reference to malicious blacklisted domain
>> raw.githubusercontent.com
>>
>> Mmm, can that be the problem?
Richard Duivenvoorde wrote:
> Ok, fully removed qgis website yesterday, and clean rebuild it after
> removing references to raw.githubusercontent.com...
> Asked for a review..
>
> This morning:
>
> www.qgis.org should be ok now (but "As a result, we're removing the
> malware warning from your site. This may take some time to happen").
>
> www.qgis.org/pyqgis-cookbook 'still infected' :-( (again NO hints, do
> not know where to look for...)
Hi,
Looking at the pyqgis-cookbook site it's pretty simple, the only vectors I can think of are:
- the CMS/server hacked and javascript malware inserted; seems doubtful and something the other scanners would find, but who knows.
- links to external graphics (github user content) which somehow got infected/replaced with a malformed image designed to exploit something in libpng etc.; isn't an exact match for the Google error message, but who knows.
And then we have the 3 PDFs here:
http://docs.qgis.org/testing/pdf/en/
The original diag msg complained about 3 files. I seem to be updating Adobe software about once every week to patch newly found exploits; maybe the software that built them went bad or now triggers false positives in Google's tests?
A long shot, but it's a theory to test, which is better than sitting around waiting. :)
regards,
Hamish