- spyware?

ChO₂ chemistrydioxide at
Wed Jul 22 18:01:18 EDT 2009

Hello everybody,

Someone has put a web site on the internet that looks very similar to, but is actually different. This web site offers a file for
download that it claims to be Pidgin 2.5.8 for Windows.

I've downloaded Pidgin for Windows from the questionable web site and

Original file:
    md5: e1f46848473cf69236b8a7020b7e5bd7
    size: 14323030 bytes
Questionable version:
    md5: fc87e991b2484c4eac968e17a41b0d6d
    size: 14275882

I already suggested that could be shipping something
different than Pidgin or a version of Pidgin that is infected with
spyware or a virus, but after googleing for the md5 hash, it seems that
it's just Pidgin 2.5.4 which is offered there:

However, I still think that the person who is running that site is up to
doing something nasty because
- the website is imitating and mirroring parts of it.
- is hiding its whois information which is uncommon
for reputable web sites when most websites in the same zone have
extensive whois data.

I am afraid that many people happen to end up on that site because it is
the third Google result for "pidgin download":

Greetings from a country that doesn't know patriotism

PS: This is from #pidgin, today:

(2009-07-22 21:35:27) thomas001: thank google for it
(2009-07-22 21:35:48) dan: i did google, and i actually ended up at which appears to be spyware
(2009-07-22 21:36:26) thomas001: "pidgin windows download" gave good
(2009-07-22 21:37:45) dan: someone might want to take a look at the site since it seems to be a near copy of the real web
site, but links to s 300k exe file from some ad company
(2009-07-22 21:39:40) thomas001: wow,this is bad
(2009-07-22 21:39:58) Cobalt: I got a 13.7MB exe.
(2009-07-22 21:41:29) thomas001:
thie link is somewhat odd
(2009-07-22 21:42:20) Cobalt: That it is, also the name of the file,
although it appears to be the right size... But that can easily be
messed with.
(2009-07-22 21:42:48) Cobalt: Also, there's nothing there except the
Windows version, apparently.
(2009-07-22 21:44:10) Cobalt:
(2009-07-22 21:45:13) Cobalt: Creepy?


(2009-07-22 22:33:45) chemistrydioxide: is somehow
mirroring part of


(2009-07-22 22:44:01) chemistrydioxide: i just downloaded pidgin 2.5.8
from it's actually different from the official
version. it's slightly smaller


(2009-07-22 22:44:39) chemistrydioxide: i'm afraid that someone is
actually doing something nasty here
(2009-07-22 22:44:49) darkrain42: chemistrydioxide: ?
(2009-07-22 22:45:06) darkrain42: oh, sorry. saw the context. lastlog
was in the way.
(2009-07-22 22:45:10) ***darkrain42 grumbles
(2009-07-22 22:45:18) darkrain42: chemistrydioxide: Mention it in d at cpi,
(2009-07-22 22:45:23) elb: chemistrydioxide: that's not good
(2009-07-22 22:45:57) chemistrydioxide: darkrain42: k.
(2009-07-22 22:46:06) chemistrydioxide: i'll do it immediately

More information about the Devel mailing list