[SAC] Malware alarm: QGIS, ... sites

Hamish hamish_b at yahoo.com
Sat Aug 8 18:22:53 PDT 2015

>>  Mmm, I googled some online scanners...

>>  This one:
>>  http://quttera.com/detailed_report/www.qgis.org
>>  Reports 3 'malicious files':
>>  Detected reference to malicious blacklisted domain 
> raw.githubusercontent.com
>>  Mmm, can that be the problem?

Richard Duivenvoorde wrote:> Ok, fully removed qgis website yesterday, and clean rebuild it after
> removing references to raw.githusercontent.com...
> Asked for a review..
> This morning:
> www.qgis.org should be ok now (but "As a result, we're removing the
> malware warning from your site. This may take some time to happen".
> www.qgis.org/pyqgis-cookbook 'still infected' :-( (again NO hints, do
> not know where to look for...)


Looking at the pyqgis-cookbook site it's pretty simple, the only vectors I can think of are the CMS/server hacked and javascript malware inserted; seems doubtful and something the other scanners would find, but who knows. links to external graphics (github user content) which somehow got infected/replaced with a malformed image designed to exploit something in libpng etc.; isn't an exact match for the Google error message, but who knows.

And then we have the 3 pdfs here:

The original diag msg complained about 3 files, I seem to be updating adobe software about once every week to patch newly found exploits, maybe the software that built them went bad or now triggers a false positives in Google's tests?

A long shot, but it's a theory to test, which is better than sitting around waiting. :)


More information about the Sac mailing list