Malware Report #5
A slew of new malware skins has been uploaded to the main Rainmeter Gallery in the last couple of days. All downloads in the list at the end of this post are infected.
We try to check all the skins uploaded to our gallery for malware before accepting them, and we try to keep this list up to date, but real-time interferes, so please practice safe downloading!
Some things to watch for:
- comments are usually disabled or hidden
- they are fairly new to dA, just a couple of new skins
- their profile page only has a few items on it
- they rip a skin/preview/description then upload it with malware or keyloggers
- downloads are zipped and have an .exe file which is the virus
- don't download files like Build.exe, Run.exe, FullInstall.exe, *.rmskin.exe, Full_Set_Up.pif - basically anything that ends in .exe or .pif.
How to test each download for a virus:
- Right-click 'Download File' link, choose 'Copy Link Location'
- Go to VirusTotal at www.virustotal.com/index.html and choose the Submit a Url tab
- Click on 'Submit Url' and then paste the link location in the Search Bar
If you come across malware, report it as malware. If it's your skin that's been ripped, report it and file a DMCA takedown notice.
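The file-name warning signs listed above (a zipped download containing an .exe or .pif, or a fake skin such as *.rmskin.exe) can be checked before anything is extracted or run. The following is an added example, not part of the original post; the function names and the sample archive are constructed for illustration, and it inspects names only, so it complements the VirusTotal check rather than replacing it.

```python
import io
import zipfile

# Extensions the post says never to run; a real skin package ends in .rmskin only.
EXECUTABLE_EXTS = {".exe", ".pif"}

def suspicious_entries(zip_source):
    """Return [(entry_name, reason)] for archive members matching the post's warning signs.

    zip_source is a path or a file-like object. Nothing is extracted or executed.
    """
    findings = []
    with zipfile.ZipFile(zip_source) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Take the base name; Windows ignores trailing dots and spaces, so strip them.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            parts = base.rstrip(". ").lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext not in EXECUTABLE_EXTS:
                continue
            if len(parts) > 2 and parts[-2] == "rmskin":
                reason = "executable disguised as .rmskin"
            else:
                reason = "executable inside skin download"
            findings.append((info.filename, reason))
    return findings

def build_sample_zip(names):
    """Constructed test input: an in-memory zip holding empty files with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    sample = build_sample_zip(
        ["Skin/Clock.ini", "Skin/@Resources/bg.png", "Clock.rmskin.exe", "Full_Set_Up.pif"]
    )
    for entry, reason in suspicious_entries(sample):
        print(f"{entry}: {reason}")
```

An empty result only means no entry matched these name patterns; it does not mean the download is clean.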
They haven't had a trial in about two years, but I always run their software, trial or paid! Enjoy. It should be installed and integral to anyone's security config.
I think we just need to focus in and make it very clear that:
1) Never download a submission with Disabled or Hidden comments.
2) Never, ever, ever run any .exe file to "install a skin".
3) Be sure that any .rmskin is really a .rmskin and not .rmskin.pif or .rmskin.exe. For the love of all that is holy, turn off the setting "Hide extensions of known file types" in Windows.
It also proves that we're not crying wolf, that there really is a 'situation'. And if they have any way of tracking, all those names and links will show to them who(s) is actually behind all this.
4) PLEASE use the "Report deviation" link on the lower right of the submission to report any suspicious deviation to deviantART staff. We need to keep flooding them with reports, so they understand that their site is under attack and don't get complacent.