Project Hosting Service Fosshub Compromised, Embedding Malware Inside Hosted Files (softpedia.com)
At least some applications on Fosshub, a free project hosting service, appear to have been compromised, according to several reports. (Update: Fosshub has acknowledged the hack.) The software portal, furthermore, is serving malware payloads, reports add. Catalin Cimpanu of Softpedia says that a hacking group which goes by the name of PeggleCrew is responsible for the hack.
"In short, a network service with no authentication was exposed to the internet," the hacker told Softpedia in an email. "We were able to grab data from this network service to obtain source code and passwords that led us further into the infrastructure of FOSSHub and eventually gain control of their production machines, backup and mirror locations, and FTP credentials for the caching service they use, as well as the Google Apps-hosted email." The hacker group told the publication that they have compromised the entire website, "including the administrator's email." He also revealed he didn't dump the site's database but claimed that "passwords weren't salted."
A user on Reddit, who has since received lots of upvotes, adds: Some popular apps that have links to FossHub that may be infected include: Audacity, WinDirStat, qBittorrent, MKVToolNix, Spybot Search&Destroy, Calibre, SMPlayer, HWiNFO, MyPhoneExplorer, and IrfanView. Another application which has reportedly been compromised is Classic Shell. It is ostensibly overwriting the MBR on users' computers. Many users are upset with the timing of the hack, noting that plenty of people were looking for Classic Shell amid the release of Windows 10 Anniversary Update.
Update: 08/03 17:30 GMT by M: In a blog post, Audacity said that Fosshub was serving a hacked copy of its audio editing software for three hours. It adds that "no Audacity Team infrastructure was compromised."
Fosshub team writes: Last night we had a security incident caused by a group of hackers that allowed them to log-in to FossHub developer *through* a user that was compromised. Shortly after, we noticed two users that were compromised. They simply logged-in using their passwords and this allowed them to escalate. [...] Several hours later, we noticed the attackers were able to gain access through an FTP account and we decided to shut down the main server immediately to prevent any further infection/damage. FossHub.com is down on purpose until we are able to identify the way hackers were able to escalate.
Fosshub insists that the hacked copy of Classic Shell was only downloaded 300 times. In the meantime, if you know someone who may have downloaded the compromised copy of Classic Shell, here's what they need to do next.
Well, crap (Score:3)
Re: (Score:2)
Make a rescue disk. Reboot. If you can, you're fine; if not, use the rescue disk to rebuild the MBR.
Re: (Score:2)
First check if you installed the clean version:
http://www.classicshell.net/fo... [classicshell.net]
Otherwise, don't reboot yet, do a backup now, then follow the instructions from the link in the story above.
What the story doesn't mention is that MS helpfully deletes Classic Start Menu (well, moves it to Windows.old) when the Anniversary Update is installed, which is the only reason people were downloading a fresh copy of the Classic Shell installer rather than using the built-in update function (which wasn't affected by the
Classic Shell info (Score:4, Informative)
Clean: ClassicShellSetup_4_3_0.exe
MD5: e10881b65c27c6e09e5a33cd8bcd99c6
SHA1: a6b06d07fe3b1a7204b1b62c67fbf3c602385364
File size: 7220496 bytes
Infected: ClassicShellSetup_4_3_0.exe
MD5: c67dff7c65792e6ea24aa748f34b9232
SHA1: 438b6fa7d5a2c7ca49837f403bcbb73c14d46a3e
File size: 7148732 bytes
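
Added example, not part of the comment above and not Classic Shell or Fosshub code: a Python check that fingerprints a downloaded installer and compares its MD5, SHA-1 and size with the values posted in that comment. The function names and verdict strings are this example's own assumptions; a file that matches neither entry is reported as unknown, not as clean.

```python
import hashlib
import sys

# Reference values copied from the comment above (ClassicShellSetup_4_3_0.exe).
KNOWN = {
    "clean": {
        "md5": "e10881b65c27c6e09e5a33cd8bcd99c6",
        "sha1": "a6b06d07fe3b1a7204b1b62c67fbf3c602385364",
        "size": 7220496,
    },
    "infected": {
        "md5": "c67dff7c65792e6ea24aa748f34b9232",
        "sha1": "438b6fa7d5a2c7ca49837f403bcbb73c14d46a3e",
        "size": 7148732,
    },
}

def fingerprint(path, chunk_size=1 << 20):
    """Stream the file once and return its MD5, SHA-1 and byte length."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk_size):
            md5.update(block)
            sha1.update(block)
            size += len(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "size": size}

def classify(path, known=KNOWN):
    """Return (verdict, fingerprint). Only a full match earns a label.

    Verdict names are this example's own: a label from `known`,
    "partial:<label>" when some but not all fields match, else "unknown".
    """
    fp = fingerprint(path)
    for label, ref in known.items():
        hits = sum(fp[field] == value for field, value in ref.items())
        if hits == len(ref):
            return label, fp
        if hits:
            return f"partial:{label}", fp  # e.g. same size, different hash
    return "unknown", fp

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_installer.py <path-to-installer>")
    verdict, fp = classify(sys.argv[1])
    print(verdict, fp)
    # Anything other than an exact "clean" match should not be executed.
    sys.exit(0 if verdict == "clean" else 1)
```

The exit code is 0 only for an exact match on all three clean values, so the script can gate a deployment step.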
Re: (Score:3)
Why don't you reboot the system and see? =)
I have to say that as much as it sucks for those affected (which is not that much, since it's just the MBR), this virus is like a breath of fresh retro-air. Check out the message [twimg.com]
Ahh, it's like being in 1998 again and getting your drive wiped by CIH. Those were the days.
Malware host file (Score:1)
I don't know anything about malware hosted files... but I can tell you a lot about apk's malware infested host file.
Re: (Score:1)
Re: (Score:2)
Which web-based or otherwise graphical tool to manage a Git remote on your own server, as well as issues and pull requests and other things that code hosting services do for their users, do you recommend?
Re: (Score:2)
GitLab. [gitlab.com] It's basically a fork of GitHub and does the same sort of stuff.
Any timeline on the compromise? (Score:3)
I couldn't find any information on _when_ this was likely to have happened. I use 1/2 that list at home and the office, but haven't updated any in a few weeks at least, so I'd like to check that out.
Re: (Score:3)
I think you have your Rush albums confused...
Ouch (Score:1)
Ouch.
That site was pretty thoroughly compromised. It's going to take ages to clean up this mess. If it was me, I don't think I could ever trust that site to host my files again.
My only concerns now are: were source repositories compromised and is there any chance compromised applications will make it - or have made it - into, say, Debian or Fedora, or did the compromise just affect Windows installers (as the summary implies)?
Slashdot == Pinocchio is an insult to Pinocchio (Score:3)
Contrary to popular misconception, Pinocchio is not a pathological liar in the story but instead someone who learns from his mistakes, including learning not to need to lie. If only Slashdot were the same way.
Re: (Score:2)
to be exact if you drop more than say US$18 a month in fixing folks computers then getting Ninite Pro should be something you do NOW
(and if you need one of the bigger subs then please tell me you are not doing your software installs manually)
SOHO computer techs are what Ninite Pro is designed for